Hot topics

ecommerce

Comment

Groupon Exposes Customer Emails In Google Results…Again

Ingrid Lunden

View Staff Page

Ingrid is a reporter for TechCrunch, joining February 2012, based out of London. She comes from paidContent.org, where she was a staff writer, and has in the past also written freelance regularly for other publications such as the Financial Times. Ingrid covers mobile, digital media, advertising and the spaces where these intersect. When it comes to work, she feels most... → Learn More

Thursday, June 28th, 2012
Comments
Screen shot 2012-06-29 at 06.47.30

A while back we wrote about a flaw in Groupon’s email link encryption, which revealed the emails of some Groupon users when “addx” was added into a Google search of Groupon’s site. We’ve been alerted that is still happening, with about 170 emails coming up when we searched (last time around it was less than 80).

When this last happened, Groupon director of engineering Shinji Kuwayama told us that the emails were made public because some subscribers had “pasted their deals into publicly-crawlable pages around the Web,” but also that it was working on a solution to exclude those results. So why these are appearing now is unclear. We’re contacting Groupon to see if there is an explanation.

To put this in one kind of perspective, the number of emails here is a very small percentage of Groupon’s overall active customer base, reported as 36.9 million users its last quarterly results in May. The company’s email subscriber list will number in the hundreds of millions.

On the other hand, not everyone wants their browsing or purchasing histories, linked to their email addresses, made public. Even with that small number, it’s bad privacy PR for Groupon, which has ambitions to go beyond the daily deal to become a wider e-commerce platform.

From what I’ve seen so far, the search results (found by entering allinurl: addx site:groupon.com in a Google search) all appear to be from deals that expired in 2011 and earlier. That might sound out of date, but our tipster, Robby Delaware, noted to us that even starting simple searches on those addresses can lead to more information about those users. Delaware has also used Twitter to alert Groupon’s Andrew Mason about the issue. The email leak has also been noted on a GetSatisfaction page for Groupon.

Also: this seems to be limited to Google searches; entering the same search string into Bing and Topsy produce no results.


Crunchbase

Company: Groupon
Website: groupon.com
Launch Date: November 11, 2008
IPO: July 11, 2011, NASDAQ:GRPN

Groupon features a daily deal on the best stuff to do, see, eat, and buy in more than 565 cities around the world. By promising businesses a minimum number of customers, Groupon can offer deals that aren’t available elsewhere. Groupon brings buyers and sellers together in a fun and collaborative way that offers the consumer an unbeatable deal, and businesses a large number of new customers. To date, it has saved consumers more than $300 million and claims it...

→ Learn more
Tags: , , , ,