BreachExchange mailing list archives
Groupon subsidiary leaks 300K logins, fixes fail, fails again
From: security curmudgeon <jericho () attrition org>
Date: Thu, 30 Jun 2011 13:41:24 -0500 (CDT)
http://infosecmedia.org/groupon-subsidiary-leaks-300k-logins-fixes-fail-fails-again/

Posted by Lewis on Jun 30th, 2011

Groupon subsidiary leaks 300K logins, fixes fail, fails again

Digital discount site Groupon is well known in the USA, but operates through subsidiaries in other parts of the world. The company recently acquired Indian digital discount operator SoSasta, which operates a separate India-specific website under the SoSasta name.

If you're not familiar with the idea, you bid via the site to buy discounted items: mail-order underwear in St John's, Canada, for example; or a meal at the Hilton Hotel in New Delhi, India. Once a minimum quota of bids is reached, all bidders get charged at the discounted price.

Of course, bidding via the site means that you need an account with the site, which means a username and password. That means the site needs an authentication system. And that's where SoSasta fell down.

Earlier this week, Sydney security researcher Daniel Gzrelak - the guy I wrote about last week who opened the handy password-breach-checking site shouldicheckmypassword.com - was doing Google searches against a range of on-line merchants to look for potential database leakage.

[..]