Starting with December 16, scores of Groupon UK users have been complaining online about having their accounts hacked after finding out that fraudsters have placed countless of orders using the payment card the victims had attached to their Groupon profile.
According to multiple tweets, some of which have been embedded below, the hackers had ordered expensive products on the user's card, and sent it to various addresses across the UK, where a money mule most likely picked up and resold it.
Some users reported small losses, of a few pounds, but others said that fraudsters ordered expensive smartphones and electronics, some of which reached values of thousands of pounds.
@Groupon_UK hi, someone has hacked my account and changed all my details and attempted to make purchases! Bank are dealing with it ...— Vicky Caine (@vickycaine) December 22, 2016
@Groupon_UK Our account got hacked this evening. Over £900 took from bank and yet there's nobody at Groupon to help until tomorrow. Bravo.— Matt Uzdu (@MattUzdu) December 21, 2016
@Groupon_UK I can't get into my account and money has been taken from my account without my permission pls let me know how I can reset my pw— CP (@CazzlePeepers) December 21, 2016
@Groupon my account was hacked and no response from you in over 24 hours. Wouldn't normally do this but it seems I am being ignored.— Harpreet Lotay (@HBahad) December 20, 2016
Ok it's been 5 days since someone hacked my @Groupon_UK account and groupon STILL haven't helped me despite countless emails to them!— Samantha King (@SamMKing27) December 20, 2016
@Groupon_UK could someone please contact me asap directly as I have had my account hacked and fraudulent transactions have gone through— Joanne Brittles (@joanne_brittles) December 18, 2016
@Groupon_UK my account hacked and a lot of money taken for a purchase I did not make. Your lines closed. Can you please reply to my email?— Sherelle Fairweather (@szm_fairweather) December 17, 2016
@Groupon_UK my groupon account got hacked into at 4am this morning someone has bought themselves an iPhone 6 amongst other products— Rachel Nelken (@rachelnelken) December 16, 2016
@Groupon_UK someone has hacked my account changed the details and spent £700 out of my account customer services is useless unacceptable— Aliki chrysiliou (@liggyc) December 16, 2016
A quick search by Bleeping Computer couldn't find users complaining about getting hacked in the US and Canada. At the time of writing, the hacks seem to be impacting only Groupon UK users.
In fact, the only person who complained about getting hacked to the Groupon US support Twitter account was a UK user that reached out to the wrong account.
@sarahleigh84 sorry, but this is Groupon for the US/CAN only! For more today, email firstname.lastname@example.org. Thank you!— Groupon Help U.S. (@GrouponHelpUS) December 21, 2016
The targeting of only Groupon UK users might imply that the hackers are also located in the UK, or at least are collaborating with money mules from the UK, where the mules can pick up the illegally ordered products.
Speaking to a reporter from MoneySavingExpert, who first spotted the hacking trend, Groupon blamed the incident on data breaches that took place at other services.
The company blamed password reuse as the main source of these hacks, urging customers once more to update passwords if they've reused them anywhere else.
UK-based or any other Groupon users who find mysterious transactions on their profile should immediately contact their bank to stop the financial operation, and file a refund request with Groupon, which usually takes around ten days to resolve.