E-commerce company LivingSocial revealed last week it endured a data breach in which attackers accessed its users' encrypted passwords. And even though no payment data was exposed, cardholders should still be concerned.
"A compromised password represents the keys to the kingdom [for hackers]," says Julie Conroy, senior analyst and fraud expert with Boston-based Aite Group. "Account takeover is passing over stolen card data as the biggest problem facing companies."
Because consumers tend to use the same passwords on various sites, a hacker can do a lot of damage when obtaining a password on a social media site, Conroy says.
"They will use an automated bit to send that password out and try gaining access to as many e-commerce and banking sites as they can," Conroy says.
The loss of a password on one site could lead to a hacker stealing card data or funds from another account, she says.
"Having stolen credentials in the ecosystem is as bad or worse than having stolen card payment data," Conroy says.
Getting access to a password or other personal information is a key starting point for identity fraud, which has reached its highest level in three years, according to a February report from Javelin Strategy & Research.
LivingSocial, which has more than 50 million users, did not respond to PaymentsSource inquiries for updates on the breach investigation prior to deadline.