Were you affected by the LivingSocial site hack on Friday? Their network was hacked, and over 50 million of their customers’ names, email addresses, and encrypted passwords were stolen. They reset all of their customers’ passwords and sent them an email notification. If you’re a LivingSocial customer, you should have received an email notification from them about the incident. They also published a FAQ about the incident.
What LivingSocial glossed over, I think, is that this intrusion puts at risk any other online accounts you have for which you use the same password. You should reset those passwords, too.
While we’re on the subject, let me nag you about best practices for managing your passwords. You really need to:
- Use long, strong and preferably random passwords.
- Use a unique password for each of your online accounts.
- Use two-factor authentication, if it’s available. (I touched on this in a previous post.)
This all sounds like a huge pain, but it’s really important. I’ve lost count of how many people I know who have had their email hacked because they used the same weak password on other sites.
It’s not that hard, either. There are password managers available that let you easily create, use, and store completely random passwords, all controlled by a single master password that you know. The one I use is called Lastpass, but if you google “password manager” you’ll find several others. Lastpass also has an enterprise version for use in businesses; it provides a secure way to store, share, and track passwords within your team.
If you don’t want to take the time right now to clean up all of your passwords, please at least make a start. Install a password manager, start to use it, and then gradually reset your passwords as you visit websites throughout the course of your day — or week — or month. A little progress is better than none.