Slashdot Mirror

← Back to Stories (view on slashdot.org)

Groupon Deal of the Day: 300,000 Customer Accounts

Posted by samzenpus on Wednesday June 29, 2011 @05:11AM from the good-deal dept.

itwbennett writes "The customer database of Groupon's Indian subsidiary was published, unsecured and unencrypted, on the company's site for long enough to indexed by Google. Australian security consultant Daniel Grzelak, Tweeted the news and also notified Groupon, which 'was amazing at providing a swift and full response,' Grzelak said on Twitter. 'They deserve credit for their reaction.'"

2 of 90 comments (clear)

Min score:

Reason:

Sort:

Re:Credit Where Credit Is Due by ByOhTek · 2011-06-29 05:54 · Score: 3, Interesting

In general practice, things that target cheapskates for money tend to be *very* poor quality in any area where dropping quality shaves off a buck of cost - the profit margins tend to be low, and every saved dollar is necessary. Better to stay in business until caught, than make no profit at all.

--
Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
Re:Credit Where Credit Is Due by ByOhTek · 2011-06-29 05:58 · Score: 3, Interesting

bullshit on #2.
I admin a closed sourced app with a web portal, and I can tell you the passwords are damn well hashed and salted. It doesn't take much having to fiddle around with the various data files enough in the lines of customizing things, to see where and how the passwords are stored.
In other cases, where the database is used to store this, the user account table(s) in the database usually have a cryptically named column such as "pass", "pass _hash", etc. that couldn't have anything to do with the password...

--
Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).