Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Fraudsters are stealing money from several Groupon users

Many Groupon customers reported massive theft after crooks have placed orders in their name by using victims’ credentials likely retrieved elsewhere. Fraudsters are targeting Groupon users stolen thousands of pounds from their bank accounts. Many customers reported a massive theft after crooks placed orders in their name by using victims’ credentials likely retrieved elsewhere. Hackers take over the […]

Fraudsters are stealing money from several Groupon users

Many Groupon customers reported massive theft after crooks have placed orders in their name by using victims’ credentials likely retrieved elsewhere.

Fraudsters are targeting Groupon users stolen thousands of pounds from their bank accounts. Many customers reported a massive theft after crooks placed orders in their name by using victims’ credentials likely retrieved elsewhere.

Hackers take over the Groupon users’ accounts and place expensive orders, in one case the theft reached over £2,420.

Cyber criminals targeted customers of the online voucher service paying for holiday, gaming consoles (i.e. PlayStation 4) and iPhone with the hacked accounts. Below some of the messages posted on twitter by the victims:

Of course, Groupon users are blaming the company for failing to detect the fraudulent activities, in many cases customers that have reported the suspicious transactions did not receive a response for several days.

Groupon clarified that its users are not at risk because its systems had been hacked, it confirms that fraudulent transactions were carried with account credentials stolen elsewhere, for example in one of the numerous massive data breaches recently occurred.

“What we are seeing is a very small number of customers who have had their account taken over by fraudsters,” said a spokesman for the company cited by the Telegraph. “As with any major online retailer, we take fraud extremely seriously and have a dedicated team to investigate customer issues as soon as they are reported.

“If someone believes they’ve been a victim of a fraudulent attack, we investigate it and if confirmed – block the account immediately and refund the customer’s money back to them.”

As usual, let me suggest to use strong passwords and never share them among multiple web services. When a service provides a two-factor authentication mechanism you have to enable it.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Groupon account hacked, cybercrime)