Reused passwords behind Groupon fraud attack

Groupon says it wasn't hacked, but criminals may be using passwords stolen from other breaches

Groupon has denied it's been hacked following reports that users' accounts are being abused to buy expensive holidays.

Users of the discount site have reported hundreds of pounds missing from bank accounts, with one saying their account was used by a criminal to buy a holiday worth more than 2,400.

Advertisement - Article continues below

Groupon said it hasn't been hacked, claiming instead that the fault lies with fraudsters who have stolen login credentials.

"I can confirm there has been no security breach to our website or mobile app," a spokesperson told Mail Online. "What we are seeing however is a very small number of customers who have had their account taken over by fraudsters."

The spokesperson suggested criminals had stolen the credentials to target its users or tried those leaked from hacked websites, as people often reuse logins and passwords across services.

"Sadly this is often a result of reusing passwords on other sites, when large data breaches happen the hackers or receivers of stolen details will try those details on sites that store or hold your card details," said Mark James, IT security specialist at ESET. "If successful, they may be able to purchase goods using authentication methods already stolen or even in some cases no authentication at all, if the only authentication is the CVC code of your card then it's only a 1 in 1,000 chance to get it right."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"With so much of our data being stolen these days it's imperative you keep an eye on your emails and financial statements for any suspect transactions," he added.

If reused passwords are the issue, users should carry some of the blame, noted Jonathan Sander, VP of product strategy at Lieberman Software.

"Groupon was not breached as far as we know," he said. "If Groupon users decided to do what every security expert on earth, and likely every other service the user interacts with has told them again and again not to do use the same password for many websites and services then how can the user expect anything but these terrible results?" 

While users would be wise to finally heed that advice and stop reusing passwords across sites, security experts pointed out that the Groupon fraud highlights how a breach at one company can lead to losses at another. "The issues experienced by Groupon customers show how a data breach can have far-reaching consequences that affect more than just the company that was initially attacked," said Lee Munson, security researcher at Comparitech.com.

Advertisement - Article continues below

Reports on MoneySavingExpert suggested customer reports were taking as long as ten days to be addressed, with others saying there was no-one to report fraud to out of regular working hours. "As with any major online retailer, we take fraud extremely seriously and have a dedicated team to investigate customer issues as soon as they are reported," Groupon said.

If you have reused a password on Groupon, it's worth refreshing it now, and checking if your account has been compromised. If you have been a victim of such fraud, Groupon has said it will refund any money lost. You can report any concerns to Groupon's Customer Support.

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement

Recommended

Russia hacked Liam Fox's personal email to steal trade documents
phishing

Russia hacked Liam Fox's personal email to steal trade documents

4 Aug 2020
British teenager charged over Twitter hack
hacking

British teenager charged over Twitter hack

3 Aug 2020
Mid-year report says vulnerabilities up 22% in 2020
hacking

Mid-year report says vulnerabilities up 22% in 2020

30 Jul 2020
BlackRock banking Trojan targets Android apps
trojans

BlackRock banking Trojan targets Android apps

27 Jul 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How do you build a great customer experience?
Sponsored

How do you build a great customer experience?

20 Jul 2020