June 29, 2011

Groupon reveals security breach in India

by Ammu Kannampilly

Groupon announced plans to go public earlier this month, after turning down a $6 billion Google takeover deal
The logo of online deals giant Groupon is seen at the company's international headquarters in Chicago, Illinois. The Indian subsidiary of the web firm has accidentally published email addresses and passwords of its 300,000-strong subscriber database, reports and the company said.

The Indian subsidiary of online deals giant Groupon has accidentally published email addresses and passwords from its subscriber database, the company and reports said Wednesday.

Groupon said in a statement sent to AFP that it "was alerted to a security issue" affecting its Sosasta.com subsidiary last Friday and that it "corrected the problem immediately."

Sosasta, an online discount portal acquired in January 2011, informed its subscribers Tuesday and posted a message on its Facebook page asking users to "change your Sosasta password immediately."

Daniel Grzelak, founder of the Internet security website shouldichangemypassword.com, found the security breach while running a Google search for publicly available databases of email addresses and passwords.

"A few hours and tweaks later, this database came up," he told the Internet security site risky.biz, which said SoSasta's database contained information on 300,000 people.

"I started scrolling, and scrolling, and I couldn't get to the bottom of the file. Then I realised how big it actually was."

Grzelak's website holds a database of 1.3 million compromised email addresses, allowing users to check if their own email address is among those deemed unsafe.

"There are thousands of these databases indexed by Google," he told risky.biz. "This just happened to be by far the biggest I found."

Groupon said it would review Sosasta's security procedures thoroughly and put in place "measures designed to prevent this kind of issue from recurring."

"Groupon takes security and privacy very seriously. Our users' trust is of paramount importance to us and we deeply regret this incident," the firm said. "This issue does not affect data from any other country or region."

Groupon, based in Chicago, announced plans to go public earlier this month, after turning down a $6 billion takeover offer from Google last year. It currently has 83.1 million subscribers and operates in 43 countries.

The company operates on the principle of collective buying, negotiating with businesses to offer discounted purchases which come into effect when a minimum number of subscribers agree to pay for the same deal.

(c) 2011 AFP

Citation: Groupon reveals security breach in India (2011, June 29) retrieved 24 April 2024 from https://phys.org/news/2011-06-groupon-india-massive-breach.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Explore further

Groupon bargain service taps ex-Google exec
0 shares

Feedback to editors

Relevant PhysicsForums posts

Flipped RGB colours in a TV

8 hours ago

Fixing Linux kernel not found

Apr 16, 2024

Is an invisible LED mouse more accurate than one with a red LED?

Apr 15, 2024

AI In Actual Use

Apr 13, 2024

Does anyone make zero-flicker computer monitors?

Apr 13, 2024

Artificial Intelligence in Video

Apr 11, 2024

More from Computing and Technology

Load comments (0)