Security Glitch Results in Posting of Blippy User Credit Card Numbers Online
Updated: A quirky social website that allows users to share information about when and where they make purchases is getting some unwanted attention after it was revealed Friday that user credit card numbers are appearing online.
VentureBeat first noticed the glitch and reported that credit card numbers appeared in some 130 Google search results, Mashable and CNET report.
CNET and Mashable reached out to Blippy, which was featured in the New York Times on Thursday. Blippy co-founder Philip Kaplan e-mailed statements to VentureBeat and Mashable and spoke to CNET.
Kaplan told CNET that the fact that raw credit card data was viewable in the HTML source of its pages was overlooked in testing months ago. The data was subsequently removed but continued to show up in the Google cache, Kaplan said. He said four users’ credit card numbers were found in a Google search, and Blippy is attempting to contact them. Blippy is investigating whether more users could be affected.
“We don’t blame anybody except ourselves,” Kaplan said to CNET. “That said, we were surprised to find that Google cached HTML data that was not visible on our site.”
The Times noted that start-ups including Blippy are “exploiting a mood of online openness, despite possible hidden dangers.”
“People are not necessarily thinking about how long this information will stick around, or how it could be used and exploited by marketers,” Chris Conley, a technology and civil liberties fellow at the American Civil Liberties Union, told the paper.
Updated at 4:32 p.m. to include comment from Blippy.
