There seems to be no end to hacking stories of varying degree doing the rounds recently. And the last thing you need is for websites to accidentally publish user data. That's exactly what seems to have happened to Sosasta.com, an Indian subsidiary of Groupon, which leaked user email addresses and passwords of its 3 lakh strong subscriber base.
According to an AFP report, the Groupon India subsidiary's (Sosasta.com) security breach was highlighted by an Australian security expert, Daniel Grzelak. According to his Twitter update yesterday, he contacted Sosasta.com of the breach and tipped off Risky Biz, a security blog which reported the story. Mr. Grzelak apparently came across the SQL database file containing user data while searching for publicly available databases on Google.[RELATED_ARTICLE]
Sosasta.com informed its users of the accidental leak by putting up an advisory on its Facebook page, pressing them to change the passwords associated with their Sosasta.com username.
Here's Groupon's official statement to the incident -- courtesy Risky Biz.
After being alerted to this issue by an information security expert, we corrected the problem immediately. We have begun notifying our subscribers and advising them to change their Sosasta passwords as soon as possible. We will keep our Indian subscribers fully informed as we learn more.
Groupon acquired Sosasta.com in January 2011.