Groupon leaks entire Indian user database
Patrick Gray writes:
The entire user database of Groupon’s Indian subsidiary Sosasta.com was accidentally published to the Internet and indexed by Google.
The database includes the e-mail addresses and clear-text passwords of the site’s 300,000 users. It was discovered by Australian security consultant Daniel Grzelak as he searched for publicly accessible databases containing e-mail address and password pairs.
Grzelak used Google to search for SQL database files that were web accessible and contained keywords like “password” and “gmail”.
Read more on http://risky.biz/sosasta
The company’s statement to SoSasta.com users is cited in a Gadgets.ndtv article.