Last weekend, Groupon India, i.e. SoSasta’s database was hacked and the company has sent email to all its registered users asking them to change their password immediately.
Here is the email that SoSasta has sent to its registered users:
Hi SoSasta Subscriber,
Over this weekend, we’ve been alerted to a security issue potentially
affecting subscribers of Sosasta. We wanted to let you know that the
issue has been brought under control and your accounts are secure.
However, as a precautionary measure, we recommend that you change your
SoSasta password immediately, by visiting the SoSasta website (Sign-In
using your existing password, then click on Profile followed by Change
Password). If you use the same email/password combination at other
websites, we recommend you change those passwords as soon as possible,
Please be aware that none of your financial information (Credit Card,
Debit Card, NetBanking etc) has been compromised since this
information is not stored on SoSasta, as per law.
Very recently, we covered the advertising madness of SoSasta (which is still fighting a legal battle over the Groupon.in domain name), wherein both SoSasta and LivingSocial (which is entering India) have started advertising without creating landing pages.
With this hacking et al, it raises an important question about most of ecommerce sites – do you really want to do everything-on-your-own (a lot of ecommerce sites still store passwords in plain text)? Why not ‘outsource’ the security to Facebook/Google (Federated) , if you can’t really handle it?
What’s your take?
Related: Payment Gateway CCAvenue Hacked [Updated/Open Questions]