back to article Mystery database left open turns out to be at heart of a huge Groupon ticket fraud ring

We have a new twist on the "researchers find unprotected public-facing cloud-hosted database" story, as one recently uncovered archive turned out to be at the heart of a years-long fraud operation. The folks at VPNmentor said they were confused when first encountering a mystery database that contained details on scores of …

  1. Blockchain commentard Silver badge

    The moral of this story is that there is no honour amongst thieves!!!

    1. teknopaul Silver badge

      Including groupon...

      Buying in bulk for a discount and selling for more than that, is the biz model of both groupon amd the "fraudsters" in this case.

      1. Jim Mitchell

        Buying in bulk and selling for more is the business model for just about everybody.

        1. gerdesj Silver badge

          Buying in bulk and adding value and selling for more is the business model ...

          Ideally.

          1. Jim Mitchell

            It would be nice to live in an ideal world.

  2. ArrZarr Silver badge

    The public access may have been an extra layer of security(?) for the group using the accounts. Having the database open means you don't have specific logins that would be additional information for anybody trying to trace back to the nefarinites running it.

    1. Alister Silver badge
      Thumb Up

      nefarinites

      You made that up! But it so should be a word.

      1. Pascal Monett Silver badge
        Coat

        It is now

      2. Zack Mollusc

        surely necentigrades ?

    2. c1ue

      Not really clear why having an unsecured instance is more secure from an opsec perspective.

      After all, someone is paying for that instance, no?

      1. ArrZarr Silver badge

        one account paying for the instance is less difficult to obscure than multiple accounts that have been granted access to the bucket. There would also be somebody paying for the instance either way.

      2. Crazy Operations Guy Silver badge

        Yeah, but the person paying may not actually be aware that they are paying for it. The fraudsters could be using a stolen credit card to pay for hosting, or just hijacking someone's cloud account. I've seen more than a few occasions of employees of large corporations throwing their own instances in with the company's massive fleet, I wouldn't be surprised if some of those were used for nefarious purposes.

  3. Anonymous Coward
    Anonymous Coward

    How do you resell a Groupon voucher? They normally expire pretty quickly.

    1. lglethal Silver badge
      Go

      To explain...

      They used the voucher to purchase discount tickets in large quantities and then scalped them for a higher price.

      They werent selling the vouchers themselves.

      1. NeilPost Bronze badge

        Re: To explain...

        But surely if the tickets had full resale value they would not have ended up on the Cloud-shitbin that is Groupon in the first place ???

  4. lglethal Silver badge
    Trollface

    "The moral of the story is, as always, keep track of your cloud database instances and always make sure public access is disabled. "

    Unless of course your a criminal, in which case, by all means leave it open for the world to see. And dont follow any of the suggestions listed in this document. Just continue on as before. Thanks very much...

    1. teknopaul Silver badge
      Facepalm

      Yeah if you are _a criminal_ it makes perfect sense to knock out tech as fast as you can spending as little on security as possible until...

      Hang on?

  5. Jimmy2Cows Silver badge
    Holmes

    Fake accounts? You sure?

    Even more curious, when the team tried to track down the owners of the exposed email addresses, they got few responses, indicating the vast majority were fake accounts.

    Sounds a tad hyperbolic. Perhaps equally likely is these days fewer people respond to emails along the lines of "Your account has been hacked. Please confirm your email address." or however their "tracking" effort went, thus severly limiting responses from owners of exposed email addresses.

    1. Korev Silver badge

      Re: Fake accounts? You sure?

      I get "threats" including the (old) password to the address I use for Last.fm which to the uninitiated could look very threatening.

      1. Roland6 Silver badge

        Re: Fake accounts? You sure?

        I would love to have a simple way of populating Chrome's password store with fake logins (real login in password manager), as I suspect that some webpage malware has been able to access the password store - given the old passwords that I'm threatened with.

        1. waldo kitty
          Boffin

          Re: Fake accounts? You sure?

          I would love to have a simple way of populating Chrome's password store with fake logins (real login in password manager), as I suspect that some webpage malware has been able to access the password store - given the old passwords that I'm threatened with.

          why use malware to access and decrypt some local password storage when one only need to use an "invisible" iframe and embed a ftp link which causes the browser to use the user's configured name and password? that's an old method, though, and it doesn't really work any more with modern browsers... it wasn't quite that easy, either, but it is the gist of the method that i'm conveying without going into too much detail...

          remember, there are some very sneak bastards out there in the ethers...

    2. Roland6 Silver badge

      Re: Fake accounts? You sure?

      >Even more curious, when the team tried to track down the owners of the exposed email addresses, they got few responses, indicating the vast majority were fake accounts.

      I wonder if the team tried them against Troy Hunt's Have I Been Pwned DB.

      Certainly, this adds a new dimension to Have I Been Pwned, a DB of known fake email addresses and associated passwords that have been used by criminals...

  6. Chris the bean counter

    Groupon insider

    This just seems bizarre hard work. 20,000 accounts and payments?

    Maybe a GroupOn insider involved? Seems more likely explanation.

  7. Anonymous Coward
    Anonymous Coward

    "people still use this voucher biz – who knew?"

    What surprises me more is that Groupon didn't die to to a lack of new *businesses* signing on. It became clear years ago that Groupon had hugely oversold many the idea that all those people they'd get through the door with (in effect) loss-leaders would become upsellable repeat customers, when the reality was that most were only interested in getting as much as they could as cheaply as possible from them before moving on to the next Groupon.

    Having had their business disrupted by Groupon shoving way more customers than they could handle through their door (another problem IIRC), disrupting their regular- and profitable- business and clientele with nothing to show for it but way more losses than expected and Groupon adding insult to injury by taking their cut... well, you'd assume that most who hadn't already been burned would have learned from others.

    From what I remember, it was generally considered that the only businesses Groupon was considered a sensible idea for- if any- were those who ran services, classes and so on that had larger or more malleable profit margins and where a significant proportion of buyers were likely to end up not using the vouchers they'd purchased. Or those with a large amount of some arbitrary thing that they needed to shift but could afford to discount significantly.

    1. waldo kitty
      Facepalm

      Re: "people still use this voucher biz – who knew?"

      this reminds me of those laughable TV ads for discount sites... the ones where the the people are saying things like "i made $900" and similar... this goes for those credit cards ads that do the same thing touting their "cash back" offers... the folks falling for these come-ons didn't "make" anything... they simply saved it... maybe...

  8. theExecutive

    Internet Facing for a reason

    Then you can access it from anywhere, and not provide credentials ... simples.

  9. holmegm Bronze badge

    What's the crime again? I didn't read super closely, granted, but why is buying low and selling high a crime?

    1. EnviableOne Silver badge

      when the good you're reselling specifically states, NOT FOR RESALE

  10. pollard5

    Buying in bulk and selling for more prices is the new business model.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019