Although credit card information for four Blippy users was exposed by Google search, the situation has since been cleaned up, say Google and Blippy officials.
Four users of the social networking site Blippy.com had an unwelcome
surprise April 23 when it was discovered that a Google search turned up their credit
Blippy.com provides a way for people to post information about
their shopping habits-what they buy, how much they spend-to share
with friends. The data leak was the residual effect of a situation
uncovered months ago in a beta test, the company said.
Before the situation was fixed, a Google search exposed four
credit card numbers used for purchases at locations including Exxon
Mobil and Starbucks.
in a statement that when the company was first building the site,
some raw data could be viewed in the HTML source of a Blippy Web page. Most of
the information was nonsensitive data such as store numbers, and it all was
removed and the issue was fixed quickly, the company said.
"Turns out Google indexed some of this HTML, even though it wasn't ever
visible on the Blippy Website, and was removed from the HTML code months ago.
Which exposed four credit card numbers (but a scary 196 search results),"
Blippy co-founder Philip Kaplan said in the statement.
"We are hugely focused on security and are making efforts to bolster
our security to ensure that nothing like this ever happens again," Kaplan
said, adding, "We are also conducting third-party security audits, and
will be a lot more careful before new features are released, even if it's
during a small, limited beta test period."
A spokesperson for Google said the company first learned about the
situation around 9 a.m. PT. The
numbers became discoverable in Google search snippets as part of the search
crawling and indexing processes,
"Blippy contacted us and we took special measures to remove the numbers
from search results," the Google spokesperson said. "We fixed the
problem by 11:20 a.m. Pacific and
the numbers should no longer be discoverable in search."