Groupon India suffers massive security breach
Wednesday 29 June 2011
The Indian subsidiary of online deals giant Groupon has accidentally published email addresses and passwords of its 300,000-strong subscriber database, reports and the company said.
Daniel Grzelak, founder of the Internet security website shouldichangemypassword.com, found the security breach of sosasta.com while running a Google search for publicly available databases.
"A few hours and tweaks later, this database came up," he told the Internet security site risky.biz. "I started scrolling, and scrolling, and I couldn't get to the bottom of the file. Then I realised how big it actually was."
Sosasta.com, an online discount portal acquired by Groupon in January 2011, alerted its subscribers Tuesday and posted a message on its Facebook page asking users to "change your Sosasta password immediately".
"Over this weekend, we have been alerted to a security issue potentially affecting subscribers of Sosasta. We wanted to let you know that the issue has been brought under control and your accounts are secure," the message said.
Grzelak's website shouldichangemypassword.com holds a database of 1.3 million compromised email addresses, allowing users to check if their own email address is among those deemed unsafe.
"There are thousands of these databases indexed by Google," he told Risky.biz. "This just happened to be by far the biggest I found."
Groupon said it would review Sosasta's security procedures and put in place "measures designed to prevent this kind of issue from recurring," risky.biz reported.
"Groupon takes security and privacy very seriously. Our users' trust is of paramount importance to us and we deeply regret this incident," it quoted the firm as saying. "This issue does not affect data from any other country or region."
Groupon, based in Chicago, announced plans to go public earlier this month, after turning down a $6 billion takeover offer from Google last year. It currently has 83.1 million subscribers and operates in 43 countries.
The company operates on the principle of collective buying, negotiating with businesses to offer discounted purchases which come into effect when a minimum number of subscribers agree to pay for the same deal.
Life & Style blogs
Airline food across the classes: Ever wondered what the other half are eating?
What do the emoji on Snapchat mean?
Huawei P8 review: best phones nobody's seen from the biggest company nobody's heard
The busiest Starbucks in the US is also the most secretive - it's where the CIA gets its coffee fix
Contraceptive pill 'can affect emotions by changing structure of brain'
The only black face in the Ukip manifesto is on the page about overseas aid
If I’m being racially abused I don’t need a stranger with a saviour complex to rescue me
Ukip is the only main political party to not address LGBT rights in its manifesto
Food banks: One million Britons will soon be using them, according to Trussell Trust
BBC election debate: The one photo that summed up the whole 90-minute leaders debate
Religion isn't growing, it is becoming vigorous in its demise, says philosopher AC Grayling
- 1 Alan Rickman admits editing 'terrible' script with friends in Pizza Hut behind backs of writers on Robin Hood: Prince of Thieves
- 2 18th century sex toy found in 'toilet of sword fighting school' in Poland
- 3 US? China? India? The 10 biggest economies in 2030 will be...
- 4 'I wish my teacher knew...': Young students share their 'heartbreaking' worries in notes
- 5 Rebecca Francis accuses Ricky Gervais of using 'influence' to target female hunters after receiving barrage of death threats
£18000 - £23000 per annum: Recruitment Genius: They work with major vehicle ma...
£16500 per annum: Recruitment Genius: A Chiropractic Assistant is needed in a ...
£18000 - £26000 per annum: Recruitment Genius: They work with major vehicle ma...
£28000 - £30000 per annum: Recruitment Genius: This company provides coaching ...