Information Security News mailing list archives
Groupon leaks entire Indian user database
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 29 Jun 2011 00:06:21 -0700 (MST)
http://risky.biz/sosasta By Patrick Gray Risky.biz June 28, 2011The entire user database of Groupon's Indian subsidiary Sosasta.com was accidentally published to the Internet and indexed by Google.
The database includes the e-mail addresses and clear-text passwords of the site's 300,000 users. It was discovered by Australian security consultant Daniel Grzelak as he searched for publicly accessible databases containing e-mail address and password pairs.
Grzelak used Google to search for SQL database files that were web accessible and contained keywords like "password" and "gmail".
"A few hours and tweaks later, this database came up," he said. "I started scrolling, and scrolling and I couldn't get to the bottom of the file. Then I realised how big it actually was."
[...] ___________________________________________________________ Tegatai Managed Colocation: Four Provider Blended Tier-1 Bandwidth, Fortinet Universal Threat Management, Natural Disaster Avoidance, Always-On Power Delivery Network, Cisco Switches, SAS 70 Type II Datacenter. Find peace of mind, Defend your Critical Infrastructure. http://www.tegataiphoenix.com/
Current thread:
- Groupon leaks entire Indian user database InfoSec News (Jun 29)