After logging in to his account, a Groupon customer noticed that the information he was presented with actually belonged to someone else with the same name. He was able to access the other accountholder’s address information, the last four digits of his credit card, expiration date and the name of the bank that issued the card.
Stephen Pipino told CNET that he tried numerous times to log in and out of his account, but each time he was presented with the same information. He contacted the other Pipino and alerted him on the issue.
The same man noticed other irregularities on the Groupon site. He claims that unlike other websites that ask for the user’s permission before storing his/her credit card details, the deal-finder site records the data without notifying the customer.
“I've never bought something on a Web site where they stored the credit card data unless they had asked me to store it,” he explained.
According to the same source, Pipino is not some random customer, instead he is a security expert who knows what he is talking about.
When confronted with the incident, Julie Mossler, Groupon spokeswoman revealed:
This was an isolated incident and a case of human error which inadvertently merged two accounts by users of the same name. No other Groupon customers' accounts have been compromised.
We've frozen the account in question, will separate the two and take care not to repeat this error in the future. We also apologize to both customers for potentially causing any stress.
Hopefully, Groupon representatives are right and this is an isolated incident, but if the security expert is correct, then some work still needs to be done in the site's security and privacy section.