A number of Groupon account owners from the UK have reported compromised accounts and unauthorized transactions in December for expensive holidays and various goods with different drop-off points in London.
When asked to comment, Groupon downplayed the impact of the fraud and denied being hacked. It said fraudsters may have used weak and reused passwords leaked from other breaches.
“What we are seeing is a small number of customers who have had their account taken over by fraudsters,” they announced.
Some users received as many as 20 confirmations of purchases they hadn’t made, reporting the theft of hundreds of thousands of pounds from their bank accounts. Following numerous customer complaints about being unable to reach Groupon’s customer service department, the company announced it will refund all customers with compromised accounts.
“Fraudsters have a number of ways in which they can obtain your login details to a website including phishing e-mails, Trojan attacks, spyware and malware. By using these methods, it’s possible for fraudsters to get customer account information, log in and make purchases,” a spokesperson said. “In this way, customers who have either a weak password or the same password for multiple websites are more prone to attack. In the run-up to Christmas we ask customers to be especially vigilant.”
All Groupon account holders are advised to change passwords, contact Groupon customer support and immediately check their bank accounts for suspicious purchases. To reduce the risks of similar issues, all internet users are advised to create strong and unique passwords, enable two-factor authentication if possible, and not store credit card data on websites they’ve used for transactions.