SoSasta.com, which offers discount deals to over 3 lakh users in 11 cities across India, says its entire database was 'accidentally' leaked over the Internet and indexed by Google

Moneylife Digital Team

Groupon, the world's largest daily deals website, has admitted that a security issue has affected subscribers of its Indian unit SoSasta.com.

This was discovered by Australian security consultant Daniel Grzelak, who found the entire user database of SoSasta.com was accidentally published over the Internet and even indexed by Google. The database contained email addresses and clear-text passwords of around 3 lakh users of SoSasta.com.

Mr Grzelak told Risky.Biz portal, which deals with such security issues, that he was searching for publicly accessible databases containing email addresses and password pairs, when he stumbled upon the user database of SoSasta.com. He said, "A few hours and tweaks later, this database came up. I started scrolling and scrolling and I could not get to the bottom of the file. Then I realised how big it actually was."

According to the report on Risky.Biz, Mr Grzelak contacted the portal to seek advice on disclosure. The website, in turn contacted Andrew Mason, chief executive of Groupon. "The database was removed immediately and the company has launched an internal investigation to find out how it wound up publicly accessible in the first place," said the report on Risky.Biz. "Groupon is notifying all its SoSasta users of the incident and is advising them that the passwords they used on the website are now compromised and cannot be relied upon to secure other accounts."

According to the ZDNET India IT blog, Groupon sent an email to local users on Monday, which reads: "Over this weekend, we've been alerted to a security issue potentially affecting subscribers of Sosasta. We wanted to let you know that the issue has been brought under control and your accounts are secure. However, as a precautionary measure, we recommend that you change your SoSasta password immediately, by visiting the SoSasta website[...] Please be aware that none of your financial information (Credit Card, Debit Card, NetBanking etc) has been compromised since this information is not stored on SoSasta, as per law."

Chicago-based Groupon bought SoSasta.com from Kolkata-based Friday Media Pvt Ltd for an undisclosed amount, in January. At present, SoSasta.com offers discount deals in 11 cities (Mumbai, Pune, Kolkata, Hyderabad, Delhi, Bengaluru, Chennai, Chandigarh, Ahmedabad, Jaipur and Nagpur).Moneylife Digital Team

SoSasta.com, which offers discount deals to over 3 lakh users in 11 cities across India, says its entire database was 'accidentally' leaked over the Internet and indexed by Google

Groupon, the world's largest daily deals website, has admitted that a security issue has affected subscribers of its Indian unit SoSasta.com.

This was discovered by Australian security consultant Daniel Grzelak, who found the entire user database of SoSasta.com was accidentally published over the Internet and even indexed by Google. The database contained email addresses and clear-text passwords of around 3 lakh users of SoSasta.com.

Mr Grzelak told Risky.Biz portal, which deals with such security issues, that he was searching for publicly accessible databases containing email addresses and password pairs, when he stumbled upon the user database of SoSasta.com. He said, "A few hours and tweaks later, this database came up. I started scrolling and scrolling and I could not get to the bottom of the file. Then I realised how big it actually was."

According to the report on Risky.Biz, Mr Grzelak contacted the portal to seek advice on disclosure. The website, in turn contacted Andrew Mason, chief executive of Groupon. "The database was removed immediately and the company has launched an internal investigation to find out how it wound up publicly accessible in the first place," said the report on Risky.Biz. "Groupon is notifying all its SoSasta users of the incident and is advising them that the passwords they used on the website are now compromised and cannot be relied upon to secure other accounts."

According to the ZDNET India IT blog, Groupon sent an email to local users on Monday, which reads: "Over this weekend, we've been alerted to a security issue potentially affecting subscribers of Sosasta. We wanted to let you know that the issue has been brought under control and your accounts are secure. However, as a precautionary measure, we recommend that you change your SoSasta password immediately, by visiting the SoSasta website[...] Please be aware that none of your financial information (Credit Card, Debit Card, NetBanking etc) has been compromised since this information is not stored on SoSasta, as per law."

Chicago-based Groupon bought SoSasta.com from Kolkata-based Friday Media Pvt Ltd for an undisclosed amount, in January. At present, SoSasta.com offers discount deals in 11 cities (Mumbai, Pune, Kolkata, Hyderabad, Delhi, Bengaluru, Chennai, Chandigarh, Ahmedabad, Jaipur and Nagpur).