The Indian subsidiary of online deals giant Groupon has accidentally published email addresses and passwords from its subscriber database, the company and reports said Wednesday.
Sosasta, an online discount portal acquired in January 2011, informed its subscribers Tuesday and posted a message on its Facebook page asking users to "change your Sosasta password immediately."
Daniel Grzelak, founder of the Internet security website shouldichangemypassword.com, found the security breach while running a Google search for publicly available databases of email addresses and passwords.
"A few hours and tweaks later, this database came up," he told the Internet security site risky.biz, which said SoSasta's database contained information on 300,000 people.
Groupon said it would review Sosasta's security procedures thoroughly and put in place "measures designed to prevent this kind of issue from recurring."
"Groupon takes security and privacy very seriously. Our users' trust is of paramount importance to us and we deeply regret this incident," the firm said. "This issue does not affect data from any other country or region."
Posts
