GroupOn’s India User Data Apparently Compromised

Daily deals website SoSasta.com, which was acquired by GroupOn, has sent e-mails to its users informing them about a security issue affecting them, and advising them to change their passwords and report any unusual activity to the customer support team. This was reported by Mahesh Murthy in a tweet. He also posted a screenshot of the e-mail that he received as a registered user.

Although the communication mentioned that the issue had been resolved and accounts were safe, it recommended that users also change their passwords at other websites, in case they were using the same username-password combination. This recommendation suggests that the site’s password database may have been compromised. However, the e-mail also assures users that financial information such as credit card and debit card details has not been compromised, since it is not stored on SoSasta’s servers and is routed through CCAvenue (which was also reportedly hacked recently).

Database Leak; Internal Security Issue

Later, Patrick Gray, who runs the web security site Risky.biz, tweeted a link to a post on his site. According to the post, Australian security consultant Daniel Grzelak, while searching Google for publicly accessible databases containing e-mail address and password pairs, encountered SoSasta’s database, containing e-mail addresses and clear-text passwords of 300,000 users. According to the post, Grzelak contacted GroupOn through Risky.biz and informed it about the database, after which corrective measures were taken and users were alerted. MediaNama is in no position to verify Gray’s claims.

SoSasta has also issued a statement to MediaNama, in which it says that on Friday morning India time (Thursday night Central US time), Groupon was alerted by an information security expert to a security issue potentially affecting subscribers of SoSasta, following which the problem was rectified and advisories were issued to subscribers. It says it will keep users informed as it gets to know more. The statement categorically mentions that Sosasta runs on its own platform and servers and is not connected to Groupon sites in other countries, and that the issue does not affect data from any other country or region.

Protecting User Data; Why Use E-Mail IDs As Usernames?

Although SoSasta does not ask for the user’s home address, and even the mobile number is optional, it does rely on the user’s e-mail ID.

– Typically, an internet user logs on to most online services using a single e-mail ID and password. This includes social networking sites, which contain a lot of personal information including photographs, phone numbers and employment details. This makes the e-mail address and a common password the single master key to all user data. Should convenience outweigh user privacy? We feel it should not, and user names should not be e-mail addresses.

– This case in particular has more to do with the site’s callousness in protecting user data, since there was no external attack. The onus is on the website to ensure that passwords are not stored in plain text and are encrypted using the highest security standards. And we wonder why GroupOn did not upgrade the server infrastructure in line with its international operations.

Media Statement: Sosasta Security Issue

On Friday morning India time (Thursday night Central US time), Groupon was alerted to a security issue potentially affecting subscribers of Sosasta, a website acquired by Groupon in January 2011.

After being alerted to this issue by an information security expert, we corrected the problem immediately. We have begun notifying our subscribers and advising them to change their Sosasta passwords as soon as possible. We will keep our Indian subscribers fully informed as we learn more.

Sosasta runs on its own platform and servers, and is not connected to Groupon sites in other countries.

We are thoroughly reviewing our security procedures for Sosasta and are implementing measures designed to prevent this kind of issue from recurring.

This issue does not affect data from any other country or region.

Groupon takes security and privacy very seriously. Our users’ trust is of paramount importance to us and we deeply regret this incident.

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2018 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ
