My Groupon Account Got Hacked and Here's What Happened When I Tried to Do Something About It
Almost everyone I know has a Groupon account. It's a great way to try out a new restaurant, or get discount tickets to local attractions. It's not something you might use every day, but it's helpful the few times you do.
Image: Groupon via Flickr
Like most people I had a Groupon account. I used it maybe three times a year [though I get e-mails from them three times a day] and aside from one minor hack years ago, I had no complaints. Last week, after an evening out, K and I came back to our hotel and I flipped open my cell phone and saw yet another e-mail from Groupon. This time, the subject header -- purchase confirmation -- got my attention:
Gaming? Like, Nintendo? Well that didn't happen.
The credit card used was one stored on Groupon's website. The same credit card stolen a few weeks ago, when someone, with a huge fondness for Walmart, hacked some website [which I now suspect may have been Groupon] and got my credit card information. The credit card used had been canceled for weeks.
Since there was a two hour window to cancel the purchase, I did what most would do in this situation. I clicked over to Groupon's website. I tried logging in. And couldn't. I sent a "password reset" e-mail. Nothing. And then, my phone vibrated. A new message from Groupon:
What the what? I called the provided number and was greeted by a message about them being busy dancing, or skipping, or something, and how they'd be back Monday. Unable to cancel the order, I called American Express, who perhaps blame-shifting or perhaps not, told me the canceled credit card went through because the vendor [read: Groupon] overrode the "declined credit card" status.
While AmEx assured me I wouldn't be paying for someone's gaming laptop, it gave me the heebie jeebies to know someone out there had my account, my identifying information and apparently the ability to successfully use declined credit cards. So the next morning, as soon as I could, while my kiddo splashed in the pool with his dad, I sat in the hotel and called Groupon.
They couldn't find my account. You see, they link your account to your e-mail address. Once that is changed, they told me that Monday, they can't find it. The lady, sweet as a button, took my information, the order number, and assured me someone from their 'integrity department' would call me by day's end as this is a serious matter we take very seriously here.
No one called. So I sent an e-mail that evening. I got an auto e-mail about flying monkeys or something and how they would contact me ASAP, but as the days went on it became apparent their definition of ASAP differed from mine.
So I called again and was informed there was no record of my Monday call. The customer service rep was, however, able to locate the purchase and the new e-mail address which was a fabricated mishmash [though eerily still using my name] and said someone would help me by Monday, thus going on more than a week since the fraud took place. In the meantime she told me I had to call AmEx and get them to give me my old credit card information as Groupon required it to help me further. Don't worry, she said, I won't let you slip through the cracks, I will send you a follow up e-mail detailing next steps after we hang up.
Sit down for this. Ready? No follow up e-mail came.
Frustrated, I wrote about it on Twitter:
And somehow, just like that, I got a reply on Twitter. And then, outside of business hours, I got a flurry of e-mails. Within a 24 hour window, my hacked account was located, deactivated and my money refunded without any call to AmEx required.
During the week of dealing with this, I learned that this isn't the first time this has happened with Groupon. According to comments on Groupon's Facebook page, people have been getting hacked and reporting it to Groupon fairly regularly and have been since at least 2012. My theory is that the thieves, knowing that Groupon is closed on the weekends so you can't contact someone there, use the weekend to do the bulk of their thefts. Groupon makes it easier for them by not retaining any trace of your e-mail address once they change it and thus making finding your account almost impossible by the support team. I'm not the only one who got ignored by them when this happened. And I'm apparently not the only one ignored until they vented publicly on Twitter.
So why am I sharing my experience? Most certainly not to say you should cancel your Groupon account [though I am canceling mine], but as this is the second time my Groupon account has had fraud-related issues, I am sharing to warn you to not store your credit card information on their website. When you make a purchase its stored automatically, but after all my research, it seems clear that Groupon doesn't do enough to protect this critical information.
All this to say, aggravating lingo aside, Groupon has its benefits, just be prepared that if the something hits the fan, they just might make you feel as if you took full-retail-priced crazy pills. I know almost everyone has a Groupon account, so I'm sharing my experience with the hope that it can help prevent someone from going through what I did because truly, no half-priced pass to the zoo was worth all this.
Aisha Saeed was born and raised in South Florida. She writes YA and is represented by Taylor Martindale of Full Circle Literary. You can read more of her writing at http://www.aishasaeed.com.
More from living