Groupon leaks entire Indian user database

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: Patrick Gray <patrick () dotbob net>

http://risky.biz/sosasta

Groupon leaks entire Indian user database
Dude where's my .sql?

By Patrick Gray

June 28, 2011 -- The user database of Groupon's Indian subsidiary 
Sosasta.com was accidentally published to the Internet and indexed by 
Google.

The database includes the e-mail addresses and clear-text passwords of 
300,000 users. It was discovered by Australian security consultant Daniel 
Grzelak as he searched for publicly accessible databases containing e-mail 
address and password pairs.

Grzelak used Google to search for SQL database files that were web 
accessible and contained keywords like "password" and "gmail".

"A few hours and tweaks later, this database came up," he said. "I started 
scrolling, and scrolling and I couldn't get to the bottom of the file. 
Then I realised how big it actually was."
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/