Groupon Indian subsidiary Sosasta.com has contrived to leak its entire user database online.
It appears the database, which includes e-mail addresses and clear-text passwords of some 300,000 users, may have been published on the web by mistake. Later reports state the outfit was the victim of a hack but we have found no evidence of that.
In a statement, Sosasta said: "Over this weekend, we've been alerted to a security issue potentially affecting subscribers of Sosasta. We wanted to let you know that the issue has been brought under control and your accounts are secure. However, as a precautionary measure, we recommend that you change your SoSasta password immediately, by visiting the SoSasta website (Sign-In using your existing password, then click on Profile followed by Change Password). If you use the same email/password combination at other websites, we recommend you change those passwords as soon as possible, too."
Australian security consultant Daniel Grzelak (opens in new tab) said he stumbled across the leaked data searching for databases containing e-mail address and password pairs. The data had already been indexed by Google.
"This database came up," he said (opens in new tab). "I started scrolling, and scrolling and I couldn't get to the bottom of the file. Then I realised how big it actually was."