Tuesday, 28 June 2011

Indian users of Groupon subsidiary face password breach

An Australian security consultant, Daniel Grzelak, discovered through a Google search an SQL file containing over 300,000 usernames and plain text passwords from Sosasta.com.
The entire user database of Groupon’s Indian subsidiary Sosasta.com was accidentally published to the Internet and indexed by Google.

The database includes the e-mail addresses and clear-text passwords of the site’s 300,000 users. It was discovered by Australian security consultant Daniel Grzelak as he searched for publicly accessible databases containing e-mail address and password pairs.

Grzelak used Google to search for SQL database files that were web accessible and contained keywords like “password” and “gmail”.

On a side note, this is the same Daniel Grzelak who created, as a side project, shouldichangemypassword.com, a website that lets you search a database of known-compromised e-mail address and password pairs to see whether your password is among them.