Various outlets are reporting that Groupon accounts have been compromised and criminals are stealing thousands of dollars from Groupon users. Groupon itself claims that the company did not suffer a data breach directly, but that criminals probably gained access to Groupon accounts by using data stolen in other breaches. For example, if you have used the same credentials for a breached Yahoo account as you have for Groupon, the criminals could easily access the Groupon account. This gives them access to the bank account they will then use to purchase the desired goods and services.
This is a good example of why everyone should follow best practices on both personal and company accounts. Here's a quick review of what you should do:
- Review all of your online accounts to make sure you are not using the same credentials for more than one account.
- If your credentials may have been stolen in a breach, change those credentials immediately.
- User two-factor authentication wherever possible.
- Review all of your accounts for any suspicious activity.
- Avoid clicking on links or downloading attachments from suspicious emails.
- Do not give out personal or sensitive information in response to an unsolicited or suspicious email.
The Groupon breach adds to 2016’s long list of cyber security attacks. Even though, in this instance, the hackers used login details retrieved elsewhere, it demonstrates that another organization can be impacted by a seemingly separate crime. Unfortunately some organizations still think they have time to wait until they become a target or they believe they can weather the storm. Organizations need to be prepared. Whoever does not wear a raincoat AND have an umbrella to hand these days will get wet.
To reiterate, Groupon users should review all of their online accounts to make sure they are not using the same credentials across multiple accounts. This includes security questions that may have been compromised. It’s important that any information that may have been stolen is no longer used. Attackers routinely will look for users’ information on other websites, so it’s important to ensure that passwords are changed across as many accounts as possible.
Barracuda provides a full suite of security, storage, and productivity solutions for companies of all sizes. For more information, visit our corporate site here.