Users of Groupon, the deals website, claim to have lost thousands of pounds after their accounts were compromised by hackers.
According to the Telegraph, hacked users have lost thousands of pounds as a result of the attackers using their accounts to buy things like holidays and PlayStation games consoles.
“Someone hacked my Groupon account and bought a $3,000 European vacation”, says one pooped-on Groupon user. “My Groupon account got hacked into at 4am this morning. Someone has bought themselves an iPhone 6 among other products”, added another.
However, the compromises go back to November, according to some reports, with some users complaining that the company has been slow to respond – or to react at all.
Ok it’s been five days since someone hacked my @Groupon_UK account and groupon STILL haven’t helped me despite countless emails to them! — Samantha King (@SamMKing27) December 20, 2016
It did react to the Telegraph, though, implying that it was users’ fault for having weak passwords.
“What we are seeing is a very small number of customers who have had their account taken over by fraudsters. As with any major online retailer, we take fraud extremely seriously and have a dedicated team to investigate customer issues as soon as they are reported,” said a spokesperson for the company.
“If someone believes they’ve been a victim of a fraudulent attack, we investigate it and, if confirmed, block the account immediately and refund the customer’s money back to them.”
However, the suggestion to use “strong” passwords is easier said than done when companies themselves expose users’ user names and passwords.
“With the massive data breaches announced last week by Yahoo – remember it was one billion accounts – it has never been more important to use different passwords on every site and use two-factor authentication where possible,” said Richard Meeus, vice president of technology, EMEA, at security company NSFOCUS.
“Using the same user name and password on every site should not be happening any more. We need to change user apathy towards passwords, and maybe also get website owners to be more proactive in supporting their customers by checking their user databases against the lists of breached accounts.”