Another Blippy credit card found in Google
A day after four Blippy users discovered their credit card numbers could be found in Google searches, a fifth user has fallen victim to a February breach.
Another credit card belonging to a Blippy user could be found in Google search Saturday, and the company said it had asked Google to re-index its entire site.
Silicon Alley Insider noticed that a site search of Blippy.com with the query "outstanding" turned up the debit card number of a Blippy user, a day could be found via Google. Blippy inadvertently exposed the numbers to the public Internet in February, but did not realize the problem until Friday.
Blippy confirmed that a fifth user had been affected by the leak in a blog post Saturday.
"As a continuation of our efforts from yesterday, when four credit card numbers were discovered in Google's cache, we're taking the following measures: 1. We're continuing to work with Google to have them remove all sensitive information from their cache. 2. We're analyzing our backup databases from January and February to understand what additional information the Google cache may have."
Blippy also said that it had asked Google to re-index its Web site.
However, the search results for the query outlined by SAI had changed as of late Saturday morning Pacific time, with Google having removed the snippets underneath links to Blippy.com URLs that contained the credit card numbers.
Blippy said it had identified the subset of users affected by the breach as having signed up for its site before February 3 and having linked their account to a credit card from a bank that sends credit card numbers along with generic purchase information when reporting a transaction. Only two banks in Blippy's system do such a thing, the company said: one of them, Fifth Third Bank, has not responded to requests for comment.
Update at 1:48 p.m. PDT: A Google spokesperson later got back to us with this comment: "Fundamentally, it's Webmasters' responsibility to take action when they make a mistake. Yesterday, Blippy notified us about four credit card numbers they had inadvertently published to the Web, so we took special measures to quickly remove the snippets and cached results containing those numbers.
"Today, we learned that there were additional URLs cached from the blippy.com site with credit card information, so our engineers worked on a Saturday morning to urgently remove the snippets and cached pages for all of blippy.com, which has about 20,000 URLs. The fix was complete by about 11:25 a.m. Pacific on Saturday morning."