Groupon leaks entire Indian user database

Patrick Gray writes:

The entire user database of Groupon’s Indian subsidiary was accidentally published to the Internet and indexed by Google.

The database includes the e-mail addresses and clear-text passwords of the site’s 300,000 users. It was discovered by Australian security consultant Daniel Grzelak as he searched for publicly accessible databases containing e-mail address and password pairs.

Grzelak used Google to search for SQL database files that were web accessible and contained keywords like “password” and “gmail”.


The company’s statement to users is cited in a Gadgets.ndtv article.

About the author: Dissent

Comments are closed.