[Update: Database leaked] Groupon India website vulnerable, asks users to change passwords

According to an email sent out by Groupon India they have asked users to change their passwords due to a possible security breach found. The website has assured users that no financial information was leaked.
Written by Manan Kakkar, Contributor

Within weeks of being operational, Groupon India has been hacked.

In an email sent out to some of their users, SoSasta has said that they've been informed about a possible security breach. According to tweets from users, the email was not sent to all users. (I did not get it either.) SoSasta is an Indian based group buying website that was acquired by Groupon as part of their global expansion plans. As of now Groupon India (SoSasta) is offering deals in 11 Indian cities. The email sent out by SoSasta categorically states that sensitive financial details (Credit Card, Debit Card information) was not leaked. The email has been shared by Techie Buzz:

Hi SoSasta Subscriber,

Over this weekend, we’ve been alerted to a security issue potentially affecting subscribers of Sosasta. We wanted to let you know that the issue has been brought under control and your accounts are secure. However, as a precautionary measure, we recommend that you change your SoSasta password immediately, by visiting the SoSasta website (Sign-In using your existing password, then click on Profile followed by Change Password). If you use the same email/password combination at other websites, we recommend you change those passwords as soon as possible, too.

Please be aware that none of your financial information (Credit Card, Debit Card, NetBanking etc) has been compromised since this information is not stored on SoSasta, as per law.

If you have any concerns or find any unusual changes in your SoSasta account, please contact our Customer Support team as soon as possible at 1800 103 2111 between 9.30 a.m. and 6.30 p.m. IST, Monday to Saturday so that we can review your account.

You should know that we are working aggressively to prevent this from happening again. Sosasta takes security and privacy very seriously — it’s important to us to provide you with a safe shopping experience of the highest quality, and we will do everything possible to keep your trust. Please accept our apology for any inconvenience or concern we’ve caused.


SoSasta Customer Support

SoSasta's official twitter account has not shared any details and I am waiting for a reply from the company. In the meantime, it would be a good idea to change your passwords.

Update: @student154 pointed me to an article on Risky.Biz where the author was contacted by Daniel Grzelak, an Australian security expert, about the SoSasta website breach. Grzelak shared a screenshot of SoSasta's database indexed by Google. Patrick Gray of Risky Biz contacted Groupon CEO Andrew Mason and corrective action was taken. Credit where credit is due, Grzelak's action are commendable.

Editorial standards