Groupon, which acquired Sosasta in January, said in a statement: "Sosasta runs on its own platform and servers, and is not connected to Groupon sites in other countries. This issue does not affect data from any other country or region." In light of recent E-mail spills from Epsilon and Sony, maybe it's a good thing that Groupon hasn't had time to properly integrate a new acquisition. And with the new data-privacy rules that India has enacted since Groupon bought Sosasta, at least now Groupon knows it has a problem.
Groupon's subsidiary in India, Sosasta, has exposed the E-mail addresses and unencrypted passwords of all 300,000 of its users. The Sosasta user database was found on the Internet by Australian security consultant Daniel Grzelak, who was using ordinary Google searches to hunt for exposed databases. Grzelak notified Groupon last Thursday (June 23), and the company said it immediately locked down the database and began notifying subscribers.