"You can go to Facebook or LinkdIn or others, search for somebody based on an email address and find out a lot of other details about that person," he continued.
"It opens a lot of doors for someone to attack you, even without password information," he added.
One way to blunt the impact of breaches like the one on LivingSocial would be for online services to adopt two-factor authentication, where the second factor would be a code sent to a cell phone. "That's an option that would get very wide adoption by consumers," Gross said.
"There's always a push-pull between what's mandated versus what's convenient," he continued, "and as a consumer, I'm going to do the least I have to do for protection because I know there are laws and regulations in place to limit my liability if there's a loss."
Sign up for CIO Asia eNewsletters.