Groupon is a terrific way to discover new things to do and places to eat, and even score deals on merchandise. If your password habits aren’t the best it’s also a convenient way for fraudsters spend your hard-earned money.
Image: Lee Mathews/Forbes
Over in England, scores of Groupon users have been blindsided by purchase notifications from the site. Those notifications, however, weren’t prompted by purchases they made themselves. Someone else had gained access to their accounts and had gone on a shopping spree.
Given all the large-scale hacks you’ve been reading about (like Yahoo’s billion-user breach), you might think that this kind of criminal activity was the result of an attack on Groupon’s systems. That’s not the case, however.
Groupon’s servers haven’t been compromised, according to a company rep who spoke with MailOnline. Scammers have simply started using email address and password combinations that leaked in other incidents to gain access to Groupon users’ accounts.
Criminals have been ordering goods (including iPhones and iPads) and having them dropped off at locations around London. Some users have seen their accounts dinged for more than $1200 in fraudulent purchases.
An Ounce Of Prevention
Sites like Groupon strive to make the checkout process as simple as possible for their users. Any time you let a site store credit card information on a site that lets you make purchases without confirming at least some of that card data you’re putting yourself in a tenuous position.