Groupon Deal of the Day: 300,000 Customer Accounts

← Back to Stories (view on slashdot.org)

Groupon Deal of the Day: 300,000 Customer Accounts

Posted by samzenpus on Wednesday June 29, 2011 @05:11AM from the good-deal dept.

itwbennett writes "The customer database of Groupon's Indian subsidiary was published, unsecured and unencrypted, on the company's site for long enough to indexed by Google. Australian security consultant Daniel Grzelak, Tweeted the news and also notified Groupon, which 'was amazing at providing a swift and full response,' Grzelak said on Twitter. 'They deserve credit for their reaction.'"

6 of 90 comments (clear)

Min score:

Reason:

Sort:

Credit Where Credit Is Due by jimmerz28 · 2011-06-29 05:13 · Score: 5, Insightful

I guess they also "deserve credit" for allowing it to occur in the first place?
1. Re:Credit Where Credit Is Due by phantomfive · 2011-06-29 05:21 · Score: 4, Insightful
  
  Exactly. If you really stretch, putting the user-names online could be considered an (unusually bad) accident. But storing unhashed passwords anywhere is inexcusable. This is basically an announcement to the world that they have no security practices whatsoever.
  
  --
  "First they came for the slanderers and i said nothing."
2. Re:Credit Where Credit Is Due by Qzukk · 2011-06-29 06:12 · Score: 4, Insightful
  
  2) unless the site backend is open source, you don't even know whether passwords are hashed unless it gets hacked
  I tell it I forgot my password. If it emails the password back to me, it's stored as good as plain text. Then I change it to line noise and never go back.
  
  --
  If I have been able to see further than others, it is because I bought a pair of binoculars.
Yay? by Daetrin · 2011-06-29 05:23 · Score: 3, Insightful

Well the one good thing we definitely seem to have gotten out of the Sony fiasco is the corporate realization that any company with a significant "social" or consumer side is much better off announcing at least some details as quickly as possible as soon as they realize they've been hacked.

One hopes that those same corporations have _also_ learned that better security is necessary, but even if they have we're not going to see the effects of _that_ lesson for awhile.

--
This Space Intentionally Left Blank
They deserve credit? by zill · 2011-06-29 05:29 · Score: 3, Insightful

'They deserve credit for their reaction.'
That's like saying if I quickly pull the knife out after stabbing someone, I deserve credit for my quick reaction.
Re:Oh for the love of ! by JonySuede · 2011-06-29 06:21 · Score: 3, Insightful

I feel like I am into bizzaro world as this phrase now evaluate to true....

--
Jehovah be praised, Oracle was not selected