More than two dozen Groupon customers this month are reporting on Twitter instances of their Groupon accounts being compromised, followed by fraudulent charges.
In July alone, 27 customers of the discount site have tweeted that their accounts have been compromised or "hacked." This is nearly twice the amount customers tweeted about their accounts being compromised in any previous month since April.
In each case, customers received an automated Groupon alert that the e-mail address associated with their account had changed, then discovered fraudulent charges on their credit or debit cards linked to the account. Most had difficulty reporting the issue to Groupon, since the link the company provides to dispute the changed e-mail requires that the user log in with their now-changed credentials. Some users were able to log in with the Facebook sign-in feature, removing their payment information from the service and canceling any orders placed. In many cases, hundreds of dollars worth of merchandise were charged to their accounts before the fraud was caught.
Fraud detection company IDT911 said that while the social media activity is reminiscent of the beginnings of fraud fallout from other data breaches, the sampling is currently too small to indicate a larger trend.
"Is it possible? Yes. Is it definitive? No," said Adam Levin, founder of IDT911. It's also possible the affected customers' data was compromised in some unrelated incident, he said. The firm will continue to follow related activity.
Groupon spokesperson Bill Roberts said in an e-mail that the company has seen "absolutely no evidence of a breach," nor has it seen an increase in compromised accounts. He said account breaches often happen because of login credentials compromised on another site, and noted that accounts are locked down until customers can provide updated login credentials.
Yet, several victims say, they have not detected any other fraudulent activity associated with their other online retail accounts.
"It is incredibly unsettling," said Kristin Barrali of Boston, who was first alerted that her Groupon account might have been compromised when she received an e-mail from the company saying her account information had changed.
Days later, she discovered her credit card was used to fraudulently purchase $4,000 in computer equipment shipped to an address in Southern California. The Glendale Police Department is investigating the case. It's unknown if the recipient of the packages is connected to other instances of other instances of Groupon customers reporting fraud.
Another Groupon customer in Boston, Kelsey Jarboe, said her account was compromised and $450 worth of fraudulent charges were made July 10. Her account information was also changed, making it difficult to log into Groupon’s help center. "I check my bank statements every day because, like a lot of people, I live paycheck-to-paycheck," says Ms. Jarboe. "I keep a very close eye on what I have. And if that weren’t the case, I might not have noticed right away."
Groupon shutdown her account the next morning and refunded her money.
The process wasn’t that simple for Dennis Rodrigo, a Groupon customer from Staten Island, whose account was compromised July 13. The day before, Mr. Rodrigo gave his landlord a rent payment and checked the next morning see if it had cleared. Instead, he found that $300 in perfume and two Apple TVs were charged to his account, reducing his balance so much that the rent check wouldn't clear.
"My landlord doesn't care if Groupon [had issues]," he said.
It took him more than 12 hours to get the money back into his account, which Rodrigo said his bank fronted him because Groupon would not confirm to the bank that fraud had occurred. Later, his wife received an e-mail saying the items had shipped to an address in Texas.
As a result of the recent flurry of hacking reports, many customers say they will stop using Groupon. Sue Kim says someone broke into her account June 7. Soccer tickets totaling $100 were charged to the Washington resident's account, which took a day to sort out.
"I’m not inclined to go back and create a new account," she said. "Or if I were, I’d probably be more leery about it."