Savvy Internet surfer Chris Crompton has found a flaw in Groupon’s email link encryption where adding the search term “addx” (exact Google search = allinurl: addx site:groupon.com) brings up about 35 or so emails of people who have subscribed to the Groupon newsletter. I am unable to tell whether these emails are from people who actually purchased the deals or just signed up for Groupon’s over 20 million strong email list.
It looks like this is some kind of Google Analytics tracking flaw for a Groupon marketing campaign, and the emails are from people who have referred deals to others through Groupon’s insecure links. It seems as though when someone clicks on a deal link in a Groupon email and posts it anywhere else online, Google has indexed this sensitive information.
Groupon, which launched its service allowing merchants to create their own deals yesterday, might be suffering some data issues along the lines of what happened to purchase sharing startup Blippy when it exposed credit card numbers through Google search results in April.
I have gotten in touch with Google, Groupon and a few of the people with exposed email addresses about the flaw and will update this post when I hear back.
Update: Groupon Director of Engineering Shinji Kuwayama responds to the issue in the comments section of this post.
“We can see that a number of email addresses — less than 80 — have gotten out into Google’s index, due to having been pasted into publicly-crawlable pages around the Web.
Fortunately, only a tiny fraction of our subscribers are affected, and we’re working directly with Google right now to get our subscribers 100% excluded from both Google’s index and Google’s cache.”
Groupon features a daily deal on the best stuff to do, see, eat, and buy in more than 565 cities around the world. By promising businesses a minimum number of customers, Groupon can offer deals that aren’t available elsewhere. Groupon brings buyers and sellers together in a fun and collaborative way that offers the consumer an unbeatable deal, and businesses a large number of new customers. To date, it has saved consumers more than $300 million and claims it...
Google provides search and advertising services, which together aim to organize and monetize the world’s information. In addition to its dominant search engine, it offers a plethora of online tools and platforms including: Gmail, Maps, YouTube, and Google+, the company’s extension into the social space. Most of its Web-based products are free, funded by Google’s highly integrated online advertising platforms AdWords and AdSense. Google promotes the idea that advertising should be highly targeted and relevant to users thus providing...