BreachExchange mailing list archives
Groupon leaks entire Indian user database
From: security curmudgeon <jericho () attrition org>
Date: Mon, 27 Jun 2011 19:01:49 -0500 (CDT)
---------- Forwarded message ---------- From: Patrick Gray <patrick () dotbob net> http://risky.biz/sosasta Groupon leaks entire Indian user database Dude where's my .sql? By Patrick Gray June 28, 2011 -- The user database of Groupon's Indian subsidiary Sosasta.com was accidentally published to the Internet and indexed by Google. The database includes the e-mail addresses and clear-text passwords of 300,000 users. It was discovered by Australian security consultant Daniel Grzelak as he searched for publicly accessible databases containing e-mail address and password pairs. Grzelak used Google to search for SQL database files that were web accessible and contained keywords like "password" and "gmail". "A few hours and tweaks later, this database came up," he said. "I started scrolling, and scrolling and I couldn't get to the bottom of the file. Then I realised how big it actually was." _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Learn encryption strategies that manage risk and shore up compliance. Download Article 1 of CREDANT Technologies' The Essentials Series: Endpoint Data Encryption That Actually Works http://credant.com/campaigns/realtime2/gap-LP1/
Current thread:
- Groupon leaks entire Indian user database security curmudgeon (Jun 30)