GroupOn’s India User Data Apparently Compromised

Daily deals website SoSasta.com, which was acquired by GroupOn, has sent e-mails to its users informing them about a security issue and advising them to change their passwords and report any unusual activity to the customer support team. This was reported by Mahesh Murthy in a tweet. He also posted a screenshot of the e-mail communication that he received as a registered user.

Although the communication mentioned that the issue had been resolved and accounts were safe, it recommended that users also change passwords at other websites, in case they were using the same Username-Password combination. The second statement suggests that the site’s password database may have been compromised. However, the e-mail also assures users that financial information such as Credit Card and Debit Card details have not been compromised, since they are not stored on SoSasta’s servers and are routed through CCAvenue (which was also reportedly hacked recently).

Database Leak; Internal Security Issue

Later, Patrick Gray, who runs the web security site Risky.biz, tweeted a link to a post on his site. According to the post, Australian security consultant Daniel Grzelak, while searching on Google for publicly accessible databases containing e-mail address and password pairs, encountered SoSasta’s database, containing the e-mail addresses and clear-text passwords of 300,000 users. According to the post, Grzelak contacted GroupOn through Risky.biz and informed it about the database, after which corrective measures were taken and users were alerted. MediaNama is in no position to verify Gray’s claims.

SoSasta has also issued a statement to MediaNama, in which it says that on Friday morning India time (Thursday night Central US time), Groupon was alerted by an information security expert to a security issue potentially affecting subscribers of SoSasta, following which the problem was rectified and advisories were issued to subscribers. It will keep users informed as it learns more. It categorically states that Sosasta runs on its own platform and servers and is not connected to Groupon sites in other countries, and that the issue does not affect data from any other country or region.

Protecting User Data; Why Use E-Mail I.Ds As Usernames?

Although SoSasta does not ask for the user’s home address, and even the mobile number is optional, it does rely on his/her e-mail i.d.

– Typically, an internet user logs on to most online services using a single e-mail i.d and password. This includes social networking sites, which contain a lot of personal information including photographs, phone numbers and employment details. This makes the e-mail address and a common password the single master key to all user data. Should convenience outweigh user privacy? We feel it should not, and user names should not be e-mail addresses.

– This case, in particular, is more related to the site’s callousness in protecting user data, since there was no external attack. The onus is on the website to ensure that passwords are not stored in plain text and are encrypted using the highest security standards. And we wonder why GroupOn did not upgrade the server infrastructure, in line with their international operations.

Media Statement: Sosasta Security Issue

On Friday morning India time (Thursday night Central US time), Groupon was alerted to a security issue potentially affecting subscribers of Sosasta, a website acquired by Groupon in January 2011.

After being alerted to this issue by an information security expert, we corrected the problem immediately. We have begun notifying our subscribers and advising them to change their Sosasta passwords as soon as possible. We will keep our Indian subscribers fully informed as we learn more.
Sosasta runs on its own platform and servers, and is not connected to Groupon sites in other countries.

We are thoroughly reviewing our security procedures for Sosasta and are implementing measures designed to prevent this kind of issue from recurring.

This issue does not affect data from any other country or region.

Groupon takes security and privacy very seriously. Our users’ trust is of paramount importance to us and we deeply regret this incident.

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ
