Groupon India suffers massive security breach
Wednesday 29 June 2011
The Indian subsidiary of online deals giant Groupon has accidentally published email addresses and passwords of its 300,000-strong subscriber database, reports and the company said.
Daniel Grzelak, founder of the Internet security website shouldichangemypassword.com, found the security breach of sosasta.com while running a Google search for publicly available databases.
"A few hours and tweaks later, this database came up," he told the Internet security site risky.biz. "I started scrolling, and scrolling, and I couldn't get to the bottom of the file. Then I realised how big it actually was."
Sosasta.com, an online discount portal acquired by Groupon in January 2011, alerted its subscribers Tuesday and posted a message on its Facebook page asking users to "change your Sosasta password immediately".
"Over this weekend, we have been alerted to a security issue potentially affecting subscribers of Sosasta. We wanted to let you know that the issue has been brought under control and your accounts are secure," the message said.
Grzelak's website shouldichangemypassword.com holds a database of 1.3 million compromised email addresses, allowing users to check if their own email address is among those deemed unsafe.
"There are thousands of these databases indexed by Google," he told Risky.biz. "This just happened to be by far the biggest I found."
Groupon said it would review Sosasta's security procedures and put in place "measures designed to prevent this kind of issue from recurring," risky.biz reported.
"Groupon takes security and privacy very seriously. Our users' trust is of paramount importance to us and we deeply regret this incident," it quoted the firm as saying. "This issue does not affect data from any other country or region."
Groupon, based in Chicago, announced plans to go public earlier this month, after turning down a $6 billion takeover offer from Google last year. It currently has 83.1 million subscribers and operates in 43 countries.
The company operates on the principle of collective buying, negotiating with businesses to offer discounted purchases which come into effect when a minimum number of subscribers agree to pay for the same deal.
Life & Style blogs
iPhone 6 will function as 'mobile wallet' following Apple deal with Visa - reports
Half of young women unable to ‘locate vagina’ and 65% find it difficult to say the word
Is Apple's iCloud safe after leak of Jennifer Lawrence and other celebrities' nude photos?
David Sedaris: What I learnt from Fitbit about the world around me
Reader dilemma: My wife only wants to have sex when she's drunk
Rotherham child sex abuse scandal: Labour Home Office to be probed over what Tony Blair's government knew - and when
What do immigrants really think of Britain? Polish immigrant's Reddit post goes viral
Ashya King: Parents of five-year-old boy refused permission to visit him in hospital and denied bail at Spanish court
With Douglas Carswell joining Ukip, my party has taken another giant step forward
When elitism grips the top of British society to this extent, there is only one answer: abolish private schools
Ashya King: 'Cruel NHS has not given us the treatment we need', says father of five-year-old with brain tumour who fled to Spain
- 1 Half of young women unable to ‘locate vagina’ and 65% find it difficult to say the word
- 3 Saudis risk new Muslim division with proposal to move Mohamed’s tomb
- 4 A teacher speaks out: 'I'm effectively being forced out of a career that I wanted to love'
- 5 Mexican woman becomes world’s 'oldest person' at 127
£24,000 per annum pro rata (21 hours per week): Belong: Work as part of a cutt...
Highly Competitive Package: Austen Lloyd: BRISTOL - Senior Construction Solici...
£20000 - £45000 per annum + uncapped: SThree: Key featuresA highly motivated ...
£21000 - £35000 per annum: Randstad Education Cambridge: DT teachers required ...