Groupon customers are being warned to be on their guard, after dozens of people say scammers have been raiding their accounts.
Hackers appear to have accessed the account details of Groupon customers, and used them to buy goods and services from iPhones to holidays.
MoneySavingExpert says it's been getting complaints for the last month from people who say they've received purchase confirmations for things they never ordered.
Customers are complaining on Twitter of losing thousands of pounds, with one saying that she's had her bank account cleared out. The fraudsters have bought items from iPads and iPhones to Starbucks vouchers, and in one case even a £2,000 holiday.
It's not believed that Groupon itself has been hacked - instead, hackers have probably harvested passwords from other data breaches and discovered that people have re-used them on more than one site.
"With the massive data breaches announced last week by Yahoo - remember it was one billion accounts - it has never been more important to use different passwords on every site and use two-factor authentication where possible," says Richard Meeus, VP technology EMEA at NSFocus.
Customers who think they've lost money in this way should contact their bank as soon as possible, as well as Groupon customer services.
Groupon says it will investigate any complaints and refund customers who have experienced fraud. However, customers say that they are struggling to get through to the company - one says she's been waiting eight days for her calls to be returned.
And when customers do get a response, they're being told that problems could take ten days to sort out.
To protect yourself in future, you should use different passwords for each site, with a mixture of upper- and lower-case letters, numbers and symbols. If you're worried you'll forget them, there are various password management tools online.
Make sure your passwords aren't easy to guess: last year's commonest passwords, according to SplashData, were '123456' and 'password'. Be careful what you reveal online, too: don't use your cat's name, for example, if you post about your moggy on Facebook.