Thursday, 30 May 2013

GroupOn and LivingSocial: the next bubble waiting to Pop [update]

Daily deal company Groupon has become the latest darling of investors and expects to take in up to $25 billion in an IPO after the $1.14 billion in venture investment it has already garnered, according to Bloomberg. Maybe that has to do with the $760 million it grossed last year.

Now, rival LivingSocial, with $232 million in funding, says that by next year its sales will pass those of Groupon, at least in the U.S., as Sarah Kessler writes in Mashable.

With those levels of success and interest, there is a steady stream of competitors, whether start-ups trying to grab a piece of the pie, aggregators that pull together the deals from everyone, or such large operations as Microsoft Bing and the New York Times. But some early signs and a little historic perspective suggest that the category is in a huge bubble that will pop within the next few years.

U.S. sales trend down

During the Super Bowl, Groupon had an outrageously ill-considered ad that tried for humor but instead screamed bad taste. That seemed to have a big impact on U.S. sales, according to data from Erick Schonfeld at TechCrunch.

As Schonfeld points out, there are several ways in which the data could be misleading, but as it comes from scraping deals from Groupon sites, if the method has not changed, then any systemic bias should be fairly consistent and there has likely been some kind of drop.

I have pulled comScore data on unique visitors to Groupon to check, and they seemed to agree. Groupon CEO Andrew Mason replied with a graph from Google Analytics that seemed contradictory. However, that graph is labeled visits, which means “individual sessions initiated by all the visitors to your site.” If someone is inactive for half an hour, any new activity counts as another session. Furthermore, if the person comes by multiple times that month, it counts as multiple visits.

In other words, Mason compared apples to oranges. There are also multiple reasons why sales could be down, even with traffic, whether unique visitors or visits, going up:

    competition increasing supply faster than demand
    local merchants doing smaller deals
    customer fatigue
    merchants negotiating better

All of them suggest that the rampant growth in the segment will soon be checked. Let’s split the factors into two groups: competition and customers, with the latter including both local merchants and consumers.

[Update: In a new post, Schonfeld notes that he has new data that would indicate a far more successful February for Groupon.] That said, the essential problems of competition and pressure from both business and consumer customers remain. [In the long run, it will be difficult to get high margins out of this business, because there are too many downward pressures on sales and margins.]

Competition gets tough

The number of would-be competitors is growing, and some are increasingly successful. Mashable’s Kessler also has sales data comparing Groupon and LivingSocial. She has a graph showing the relative percentage of U.S. sales each have.

Already LivingSocial is putting pressure on Groupon. In addition, the competitive field keeps expanding. That means price pressure. Up until now, the companies have commanded up to a 50 percent cut of whatever consumers spent, and there have often been transaction fees in addition.

That can go nowhere but down with increased competition. The arrival of large players like Microsoft, the New York Times, or even Google (GOOG) means the existence of companies that already have access to many consumers and, thus, have smaller costs of end user acquisition. There is still the cost of finding and selling local businesses on doing deals, but the bigger companies already sell to local businesses through their existing media holdings. Daily deals would require expansion, but not starting from scratch.

Such an advantage, combined with the focus on additional, not primary, revenue, means the big competitors could take significantly smaller shares of deal revenue. That will further press Groupon, LivingSocial, and other deal-specific companies to come down in price, which will reduce revenue per deal and seriously slow their growth.

Cranky customers

What ultimately feeds the competition and drives lowered prices are disgruntled customers. Remember, there are two types of customers: the businesses that offer the deals and consumers that buy them.

Businesses are already getting smarter in how they work with deal sites, as Elizabeth Holmes at the Wall Street Journal notes. When a small company heavily discounts goods or services – say by half – and then splits the proceeds with the deal site, what is left is usually a loss per consumer.

But company owners that are dumb don’t stay in business long. Many are already getting smarter about the deals they’ll do. Groupon has said that 95 percent of business customers would use the site again, but that gets tough when a university study found that for a third of businesses that tried Groupon for promotion, the experience was unprofitable.

Businesses going back will push for better terms – lower income for the deal company – especially as an increasing number of deal companies try to get them to sign up. Either deals will have to be profitable, or the consumers who use them will have to prove themselves of long term value to the businesses. Again, it’s downward pressure on deal companies’ revenue.

Finally, there are suggestions that consumers are experiencing deal fatigue. Not only are there too many companies sending too many offers, but consumers who buy into the travel deals are motivated by savings and not necessarily tied to a deal site’s brand. They will prove to be a fickle lot.

That brings us to historical perspective. Deal coupons are nothing new. Newspapers and direct mail companies have offered them for years. The immediacy and instant gratification aspects of online deals are a novelty that will wear off. Then you’re left with what in the past has proven to be a commodity industry.

Pull together all the evidence, and it suggests that even if daily deals ramp up in total volume, the industry will soon hit maturity and find a cap on what it can do collectively. Big tech investors expect constant high growth. When that begins to stall, the disgruntled investors will find other places to put their money, and suddenly making money off daily deals will become grinding work, not a quick way to become rich.


Source: http://droid-n.com/groupon-and-livingsocial-the-next-bubble-waiting-to-pop-update.html

Tuesday, 28 May 2013

LivingSocial Reveals Cyber-Attack, Notifies 50 Million, Says No Credit Data Breached

Online daily deal company LivingSocial Inc. has contacted more than 50 million customers whose information may have been compromised in a recent cyber-attack, a company spokesman told BNA April 29.

“The information accessed includes names, email addresses, date[s] of birth for some users, and encrypted passwords--technically 'hashed' and 'salted' passwords,” the company said in an April 26 email to customers. “We never store passwords in plain text.”

However, “[t]he database that stores customer credit card data was not accessed or affected by the attack,” Andrew Weinstein, a spokesman for LivingSocial, told BNA.

LivingSocial added in a security notice on its website that the database that stores the financial and banking information of its merchants was not affected.

The company said that it is working with law enforcement agencies to investigate the attack.

Connecticut Attorney General George Jepsen (D) and Maryland Attorney General Douglas F. Gansler (D) have asked LivingSocial for more information about the possible impact of the data breach on consumers, according to a May 2 statement by Jepsen's office. The attorneys general have asked for a timeline of the incident; the number of affected individuals in each state; the types of data compromised; any reports or complaints about unauthorized charges; and a description of the company's security protections.

“For the business, [the attack] is a tremendous confidence shaker, as it likely will lead to people becoming more reluctant to use this service,” Kirk Nahra, partner at Wiley Rein LLP in Washington and a member of the advisory board for BNA's Privacy & Security Law Report, told BNA April 29. “These kinds of breaches also can have a broader impact on internet commerce in general, putting pressure on all businesses to beef up their security and address potential customer concerns.”

No Accounts Compromised

LivingSocial said on its website that it does not believe that any customer accounts have been compromised as a result of the attack. “It is difficult to decode a password that has gone through the hashing and salting process, and we have not received any abnormal reports of accounts with unauthorized charges or activity,” the company explained.

“What this means is that our system took the passwords entered by customers and used an algorithm to change them into a unique data string (essentially creating a unique data fingerprint)--that's the 'hash',” LivingSocial said. “To add an additional layer of protection, the 'salt' elongates the password and adds complexity.”

“This breach is a reminder of how much information is available on the internet and how precarious it can be,” Nahra said. “At a minimum, this breach involves a variety of data that can be packaged to learn a lot about people, including a variety of information that could lead to areas of concern … .” For example, he said, the attack could lead to the discovery of additional information, such as businesses that a LivingSocial customer has patronized.

In addition to increasing its monitoring of customer accounts, LivingSocial retired the passwords of affected customers and directed them to create new ones. It also encouraged those customers to consider changing their passwords on other websites where they use the same or similar passwords.

LivingSocial is notifying customers of the cyber-attack in every country in which it operates with the exception of South Korea, Thailand, Indonesia, and the Philippines, Weinstein said. The company's subsidiaries in those countries store their information on different servers, he explained.

“The security of our customer and merchant information is our priority,” LivingSocial Chief Executive Officer Tim O'Shaughnessy said in a notice to employees provided to BNA. “We always strive to ensure the security of our customer information, and we are redoubling efforts to prevent any issues in the future.”


Source: http://www.bna.com/livingsocial-reveals-cyberattack-n17179873787/

Friday, 24 May 2013

Hire Us to Get Groupon Scraping Services

Groupon is a very popular deal site, having its presence in 43 countries of the world. This is probably the main reason behind receiving requests from various groups of people by us to extract data from this site. We have been delivering service to our clients as per their requirements for a long time now. We take pride in announcing that we are constantly providing quality results to the requesters.

This is not the only deal site for which we receive special request for scraping. We are asked to provide LivingSocial scraping services as well. We need to provide both online and offline data entry services to our clients. They ask us to update them on a regular basis about daily deals updated on both these deal sites. Most of the companies come to us to get services on a long term basis.

You are also most welcome for the same. However, if you have any confusion about the quality of service we provide, you are free to opt for our trial service. You just need to let us know about your requirements and we would be able to provide the same on a trial basis. It is our belief that you would surely come back to us for taking long term service.

For more information feel free to contact us on info@idatacorner.com

Source: http://www.idatacorner.com/groupon-livingsocial-scraping.html

Friday, 17 May 2013

Dumped LivingSocial database offered for 1 Bitcoin

I’m sure many of you will have already read about the massive database breach at LivingSocial, a daily-deal company second only to Groupon. If not, then you aren’t one of the “lucky” 50 million people chosen for that day’s “special deal”.


LivingSocial reported a breach of their systems which resulted in the names, email addresses, dates of birth and hashed and salted password values being stolen. Although LivingSocial passwords were hashed and salted, unfortunately the cryptographic algorithm used was not a particularly strong one (SHA-1). This means that while cracking that password database is not trivial, it is certainly not impossible.
As a result, LivingSocial has reset all passwords for every user and obliged them to create new ones, this time using a new algorithm (bcrypt). Additionally, as password reuse continues to be a perennial problem, they have also rightly advised all their customers to change their passwords on any other sites that use the same or a similar password.
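
The gap between the two schemes can be measured directly. The following is an added example, not code from LivingSocial or from the original post; it assumes the legacy layout was sha1(salt + password) and uses PBKDF2-HMAC-SHA256 from the Python standard library as a stand-in for bcrypt, which needs a third-party package. It verifies a constructed legacy record, re-hashes it with the slow scheme on a successful login, and reports how much more each offline guess costs.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this illustration


def legacy_sha1(password, salt):
    """One cheap SHA-1 pass over salt + password (assumed legacy layout)."""
    return hashlib.sha1(salt + password.encode()).digest()


def slow_hash(password, salt, iterations=PBKDF2_ITERATIONS):
    """Deliberately expensive hash; PBKDF2 stands in for bcrypt here."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def new_record(password):
    """Build a record in the slow scheme with a fresh random per-user salt."""
    salt = os.urandom(16)
    return {"scheme": "pbkdf2", "iterations": PBKDF2_ITERATIONS,
            "salt": salt, "hash": slow_hash(password, salt)}


def verify_and_upgrade(record, password):
    """Return (ok, record). A legacy record that verifies is re-hashed
    with the slow scheme so the SHA-1 value can be deleted."""
    if record["scheme"] == "sha1":
        ok = hmac.compare_digest(legacy_sha1(password, record["salt"]),
                                 record["hash"])
        return ok, (new_record(password) if ok else record)
    candidate = slow_hash(password, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"]), record


def cost_ratio(fast_rounds=20_000):
    """CPU cost of one slow-hash computation relative to one salted SHA-1
    computation, i.e. how much the slow scheme reduces offline guesses
    per second on the same hardware."""
    salt = b"\x00" * 16  # constructed salt, used for timing only
    start = time.perf_counter()
    for i in range(fast_rounds):
        legacy_sha1(str(i), salt)
    per_fast = (time.perf_counter() - start) / fast_rounds
    start = time.perf_counter()
    slow_hash("timing-sample", salt)
    per_slow = time.perf_counter() - start
    return per_slow / per_fast


if __name__ == "__main__":
    # Constructed sample record, not data from the breach.
    salt = os.urandom(16)
    legacy = {"scheme": "sha1", "salt": salt,
              "hash": legacy_sha1("correct horse battery", salt)}
    ok, upgraded = verify_and_upgrade(legacy, "correct horse battery")
    print("login ok:", ok, "| stored scheme is now:", upgraded["scheme"])
    print("one slow hash costs about %.0f salted SHA-1 hashes" % cost_ratio())
```

The salt stops one precomputed table from serving every user, but it does nothing to slow the per-guess cost; the work factor is what does that.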

But things just got a little more urgent for those affected. Someone calling themselves KATOGRAPHR has posted a series of samples of the stolen data up on pastebin, about fifty-thousand samples if they are to be believed. The reason for the samples is that KATOGRAPHR is advertising the full database dump of “over 50M uid/email/sha1/salt” for the princely sum of 1 bitcoin (currently worth around $130USD).

Of course payment is up front, followed by an email with your “delivery address”, and there’s no vouching for the veracity of the goods unless LivingSocial cares to verify; however, several of the “taster” pastebin dump links remain active.

What does this mean for you? Well, if you’re the type of person who tends to reuse your password across multiple web sites, today’s the day to get out there and start changing that password and breaking that habit. Criminals now have your email address and common password.

It is never a good idea to use the same password across multiple web sites, so try to have a unique one for every site you use. While this may sound complex and impossible to remember, there is a simple way to achieve this. Create a complex, yet memorable, password using upper and lower case letters, numbers and special characters such as $%&!. Try using the initial letter from each word in a memorable sentence, for example. Devise a way to differentiate your password for each site you use, for example putting the first and last letters of the web site name at the beginning and end of your initial complex password, making it unique yet easy to remember.

As for those security or password reset questions, this is also one of the most common ways to break into an account. If you are asked to provide answers to “Security questions”, consider whether the answers are really secure. Secure means that you are the only person who can answer the question. If the possibility exists to create your own questions, use it. If you are obliged to answer more standard questions such as “First school” or “First pet”, remember the answer doesn’t have to be the truth, it only has to be something you can remember.


Source: http://countermeasures.trendmicro.eu/dumped-livingsocial-database-offered-for-1-bitcoin/

Monday, 6 May 2013

Hotmail gets interactive with Netflix, Posterous, LivingSocial

Microsoft’s Hotmail team today will show how more companies plan to use its “Active Views” technology — interactive email messages that can be updated in the recipient’s inbox, even after they’re sent.

Blogging platform Posterous plans to use the technology to let its users see and respond to comments about a post from within an email, including comments that were made after the message was received. Daily deals site LivingSocial will let people see the time remaining on a deal, the number of deals purchased, and scroll through different deals, from within the email message.

LinkedIn and Netflix, which were previously announced as users of the technology, are also in the process of developing and rolling out their own Active Views emails — dynamically updating with new information about a person’s contacts and movie queue.

The feature arose from Microsoft research showing that the vast majority of emails contain links, directing people to web sites or other applications, and making the experience less efficient.

“We started out by saying, hey, how do we solve this problem by rethinking email itself, so you can actually do more inside of email,” said Dan Lewis, Hotmail senior product manager.

Microsoft is showing the latest plans at the Web 2.0 Expo in San Francisco this morning. It’s part of a broader overhaul of Hotmail, attempting to keep the venerable web mail service relevant in the face of strong competition from Google, Facebook, Yahoo and others. In some corners of the technology world, Hotmail also still needs to overcome negative perceptions based on its past struggles with spam.

The company introduced the Hotmail Active Views technology last year. The full interactivity works only in Hotmail, for now, but the same messages can still be viewed in more simple form in other email services and software programs. The technology uses OATH authentication and allows senders to deliver the content from their own servers, even expiring content after a period of time.

Microsoft itself has enabled Flickr and YouTube and other functionality in Active Views emails, allowing users to see and interact with photos and videos inside Hotmail emails, for example. Package tracking is another feature.

“The cool thing is, from a user’s perspective, it just looks like an email, but it lets them do more,” said David Dennis, principal program manager lead for Hotmail. “There’s lots of different approaches to adding third-party experiences in email — application add-ons and plug-ins, and things like that. From our perspective right now, the email is the application.”

Source: http://www.geekwire.com/2011/hotmail-expands-active-views-emails-posterous-livingsocial/

Thursday, 2 May 2013

A look into the LivingSocial Hack

Earlier today, the New York Times published an article following the recent hack of LivingSocial. The Washington-based company had issued a letter to its employees, stating that 50 million customer records were compromised; the information contained personal information such as names, emails, addresses and birthdates as well as encrypted passwords. Credit card information, which is stored on a different database, was not stolen.

I believe that it is likely, based on the published information about the data and volume of data that was stolen, that the breach was via a web application attack such as SQL Injection or a framework based attack.

Let's explore these two angles:

The SQL Injection approach

Based on the data structure that LivingSocial said was hacked, it is very likely that the attack that was performed was an SQL Injection attack. The very defined category/column data headers that were disclosed (names, addresses, emails, passwords which are hashed) describe a database table in a very clear form. Unfortunately, the SQL Injection vector remains to date one of the most common and least handled security problems out there.

LivingSocial has put up a warning message on their website and has informed their customers via email, which ties the hacked database to the database that interacts with their application.

The framework based approach

In 2011, TechCrunch published LivingSocial's press release about its acquisition of InfoEther, which is a Ruby-On-Rails expert firm. This, and job postings from LivingSocial looking for Ruby experts, makes me believe that Ruby-On-Rails is a major technology for them and that it is commonly used in their applications and application servers.

Earlier this year, we blogged about some of the latest Ruby vulnerabilities found, which enabled a remote hacker to gain control over an exposed server, execute arbitrary code or use it to hack deeper into the infrastructure.

LivingSocial may have been another victim of unpatched software.

What can companies do to prevent these types of incidents?

    Compensating controls such as a Web Application Firewall are key. While many companies rely on SDLC to resolve application security problems, the window of exposure between the time the bug exists, the time it is found and the time that there is a fix to block the security hole is very large, and often hackers find their way to that bug well before the company does. It is a race.
    Always check whether your application relies on a secured framework; if not, make sure to either patch it quickly or deploy an interim solution such as a virtual patch, so that the security risk does not affect your application.


Source: http://blog.imperva.com/2013/04/a-look-into-the-livingsocial-hack.html

Note:

Alyce Medina is an experienced web scraping consultant and writes articles on web data scraping, website data scraping, data scraping services, web scraping services, website scraping, eBay product scraping, Forms Data Entry etc.