Indian Groupon laid out a database with passwords of 200,000 users
The entire database of users of SoSasta.com (Indian clone Groupon, purchased by an American company in January 2011) accidentally hit the open access and was indexed by Google. The database includes postal addresses and passwords in the clear of 204,926 users.
The database was discovered by Australian web developer David Grzhelak during a routine Google search for
David reported the find to his friend with Risly.biz , who wrote a letter to the American Groupon. Within 24 hours, executive director Andrew Mason called him back to find out the details. The database itself was immediately removed from open access, and an internal investigation was launched at SoSasta.
')
Only three days after the incident (that is, yesterday), SoSasta decided to send letters to its users mentioning the potentially dangerous “security issue” and recommending changing passwords. Groupon published an official statement , especially without advertising it - of course, there is no need for a loud company scandal. The statement emphasizes that Indian SoSasta works on its own platform and servers and is in no way affiliated with Groupon units in other countries.
David Grželak is constantly monitoring databases with passwords in the Google index, now there are several thousand of them and he keeps track of new arrivals. According to him, Sosasta has become the largest base that he has ever come across.
Grzhelak is engaged in the development of games, and as a hobby is the site ShouldIChangeMyPassword.com , where he puts email addresses after known hacks so that users can search themselves in leaked data. Now there are 1.3 million records from the last 17 major hacks, including all LulzSec hacks, of the Mt. Gox and Gawker ( list ). SoSasta is now there.
The database was discovered by Australian web developer David Grzhelak during a routine Google search for
filetype:sql hotmail gmail password .David reported the find to his friend with Risly.biz , who wrote a letter to the American Groupon. Within 24 hours, executive director Andrew Mason called him back to find out the details. The database itself was immediately removed from open access, and an internal investigation was launched at SoSasta.
')
Only three days after the incident (that is, yesterday), SoSasta decided to send letters to its users mentioning the potentially dangerous “security issue” and recommending changing passwords. Groupon published an official statement , especially without advertising it - of course, there is no need for a loud company scandal. The statement emphasizes that Indian SoSasta works on its own platform and servers and is in no way affiliated with Groupon units in other countries.
David Grželak is constantly monitoring databases with passwords in the Google index, now there are several thousand of them and he keeps track of new arrivals. According to him, Sosasta has become the largest base that he has ever come across.
Grzhelak is engaged in the development of games, and as a hobby is the site ShouldIChangeMyPassword.com , where he puts email addresses after known hacks so that users can search themselves in leaked data. Now there are 1.3 million records from the last 17 major hacks, including all LulzSec hacks, of the Mt. Gox and Gawker ( list ). SoSasta is now there.
Source: https://habr.com/ru/post/122915/
All Articles