The entire customer database of a Groupon subsidiary in India has been leaked and indexed by Google.
Sosasta.com exposed the database by mistake which included usernames and passwords for customers of the group buying website.
The company informed customers of the breach by email and advised them to change passwords.
It said financial information was not exposed.
"We wanted to let you know that the issue has been brought under control and your accounts are secure. However, as a precautionary measure, we recommend that you change your Sosasta password immediately," it said in a email.
"You should know that we are working aggressively to prevent this from happening again. Sosasta takes security and privacy very seriously."
Groupon said in a statement that Sosasta runs a separate platform and is not connected to the Groupon Australian site.
Sydney security researcher Daniel Grzelak discovered the database indexed by Google and contacted Risky.Biz which reported the incident.