Groupon India suffers massive security breach
Wednesday 29 June 2011
The Indian subsidiary of online deals giant Groupon has accidentally published email addresses and passwords of its 300,000-strong subscriber database, reports and the company said.
Daniel Grzelak, founder of the Internet security website shouldichangemypassword.com, found the security breach of sosasta.com while running a Google search for publicly available databases.
"A few hours and tweaks later, this database came up," he told the Internet security site risky.biz. "I started scrolling, and scrolling, and I couldn't get to the bottom of the file. Then I realised how big it actually was."
Sosasta.com, an online discount portal acquired by Groupon in January 2011, alerted its subscribers Tuesday and posted a message on its Facebook page asking users to "change your Sosasta password immediately".
"Over this weekend, we have been alerted to a security issue potentially affecting subscribers of Sosasta. We wanted to let you know that the issue has been brought under control and your accounts are secure," the message said.
Grzelak's website shouldichangemypassword.com holds a database of 1.3 million compromised email addresses, allowing users to check if their own email address is among those deemed unsafe.
"There are thousands of these databases indexed by Google," he told Risky.biz. "This just happened to be by far the biggest I found."
Groupon said it would review Sosasta's security procedures and put in place "measures designed to prevent this kind of issue from recurring," risky.biz reported.
"Groupon takes security and privacy very seriously. Our users' trust is of paramount importance to us and we deeply regret this incident," it quoted the firm as saying. "This issue does not affect data from any other country or region."
Groupon, based in Chicago, announced plans to go public earlier this month, after turning down a $6 billion takeover offer from Google last year. It currently has 83.1 million subscribers and operates in 43 countries.
The company operates on the principle of collective buying, negotiating with businesses to offer discounted purchases which come into effect when a minimum number of subscribers agree to pay for the same deal.
Life & Style blogs
This restaurant has misunderstood the concept of 'cheese and biscuits'
Tinder Plus: premium service launches, charging much more for those over 28
The remarkable archaeological underwater discovery that could open up a new chapter in the study of European and British prehistory
Mother's Day 2015: When is it – and how did it first come about?
Google Plus might be dead, as ‘Streams’ and ‘Photos’ take its place
New theory could prove how life began and disprove God
This is what it's like to be dead, according to a guy who died for a bit
End of the licence fee: BBC to back radical overhaul of how it is funded
'Jihadi John': CAGE representative storms off Sky News accusing Kay Burley of Islamophobia
Ukip would cut billions from Scottish budget to fund English tax cuts
Nearly 100,000 of Britain's poorest children go hungry after parents' benefits are cut
- 1 End of the licence fee: BBC to back radical overhaul of how it is funded
- 2 This restaurant has misunderstood the concept of 'cheese and biscuits'
- 3 Raif Badawi, the Saudi Arabian blogger sentenced to 1,000 lashes, may now face death penalty
- 4 Delhi bus rapist blames dead victim for attack because 'girls are responsible for rape'
- 5 PornHub turns masturbation into energy in bid to save the planet
£7 - £9 per hour: Recruitment Genius: Are you outgoing? Do you want to work in...
£45000 - £55000 per annum + 30 days holiday: Ashdown Group: Finance Manager - ...
£28000 - £30000 per annum: Ashdown Group: 3rd Line Support Engineer / Network ...
£26000 - £33000 per annum: Recruitment Genius: A Web Developer is required to ...