Although the hack is not yet confirmed but SoSasta has been apparently been sending e-mails to its users to change their passwords stating that its user database has been hacked.
SoSasta, which was launched in November 2010 and acquired by Groupon in Jan this year, currently offers deals in 11 different cities across India.
We have contacted SoSasta for confirmation and will update the post once we’ve heard back.
(Thanks Raxit for the tip!)
Update: The email SoSasta had sent to its subscribers include:
Over this weekend, we’ve been alerted to a security issue potentially affecting subscribers of Sosasta. We wanted to let you know that the issue has been brought under control and your accounts are secure. However, as a precautionary measure, we recommend that you change your SoSasta password immediately, by visiting the SoSasta website.
Please be aware that none of your financial information (Credit Card, Debit Card, NetBanking etc) has been compromised since this information is not stored on SoSasta, as per law.
If you have any concerns or find any unusual changes in your SoSasta account, please contact our Customer Support team as soon as possible at 1800 103 2111 between 9.30 a.m. and 6.30 p.m. IST, Monday to Saturday so that we can review your account.
Update 2: Sosasta has confirmed the hack and said the problem has now been resolved. It said:
Thank you for reaching out to us! Our website has been hacked and all usernames & passwords have been likely stolen. However this problem is been resolved.
Groupon also released an official statement on the SoSasta Security issue stating:
On Friday morning India time (Thursday night Central US time), Groupon was alerted to a security issue potentially affecting subscribers of SoSasta, a website acquired by Groupon in January 2011. Groupon issued the following statement regarding the issue:
After being alerted to this issue by an information security expert, we corrected the problem immediately. We have begun notifying our subscribers and advising them to change their SoSasta passwords as soon as possible. We will keep our Indian subscribers fully informed as we learn more. SoSasta runs on its own platform and servers, and is not connected to Groupon sites in other countries. We are thoroughly reviewing our security procedures for SoSasta and are implementing measures designed to prevent this kind of issue from recurring. This issue does not affect data from any other country or region.
Groupon takes security and privacy very seriously. Our users’ trust is of paramount importance to us and we deeply regret this incident.