Livingsocial, the deals website owned by Amazon, has confirmed that hackers have had access to the account details of 50 million users.
So how did it happen, and what can you do if you are affected?
The details were taken straight from the servers used by the website. The hackers did not get hold of credit card details, but gained access to names, emails, and the dates of birth of some users.
They also accessed encrypted passwords, although the site was keen to reassure users that none of the passwords themselves were disclosed, saying: "We never store passwords in plain text." The site says it has not received any reports of accounts having been accessed - and says that decoding an encrypted password would be difficult.
The experts at Sophos say that decoding the passwords is incredibly difficult, and has to start with a guess. This, they highlight, is why it is so important to make your password something that would be impossible for a hacker to guess.
What to doLivingSocial has erred on the side of caution and expired all passwords. When users log in they see a message explaining about the hack and the stolen encrypted passwords, and stating: "Although your LivingSocial password would be difficult to decode, we want to take every precaution to ensure that your account is secure, so we are expiring your old password and requesting that you create a new one."
LivingSocial is also attempting to contact users, warning them of the hack, using the email address on their system. However, it is well aware that there are criminals who would use this as an opportunity to con LivingSocial users.
The website added: "Please note that LivingSocial will never ask you directly for personal or account information in an email. We will always direct you to the LivingSocial website – and require you to login – before making any changes to your account. Please disregard any emails claiming to be from LivingSocial that request such information or direct you to a different website that asks for such information."