Blippy responds to credit card leak

After displaying credit card numbers of at least five people in Google search results, the social site pledges to hire a chief security officer and run regular audits.

Blippy, a social site focused on shopping, has pledged to take measures to avoid a repeat of the security failure that caused the credit card numbers of at least five users to appear in Google search results.

CEO and co-founder Ashvin Kumar apologized for the incident in his official blog on Monday. He also promised to revamp the site's security measures.

Kumar said he will hire a chief security officer and other staff to focus solely on the issue and will conduct regular security audits through third-party companies. He also pledged to invest in technology to filter out sensitive data.

Kumar said that he will also look at ways to control information that's cached in Google and other search engines. In addition, Blippy will set up a security and privacy center on its site to update people on the company's efforts to secure their data.

Blippy, which enables people to create social networks that revolve around the goods and services they buy, discovered in early February that due to a failure on its end, raw credit card data had been viewable in the HTML source of its pages for about half a day. Although the company quickly removed that data, it learned Friday that Google had indexed the information and was still displaying it in search results.

Blippy
The credit card numbers of Blippy users were available to anyone on the Internet for more than two months. Elinor Mills/CNET

Blippy spent Friday and early Saturday working with Google to completely remove the sensitive information, a process that Google reported was completed late Saturday morning . Blippy also contacted the owners of the credit cards to apologize and help them resolve any resulting problems on their end.

"They trusted us with their information, and we are truly disappointed to have let them down," Kumar said in the blog. "While these users reflect a tiny sliver of our user base, any number greater than zero is deeply unacceptable to us."

Kumar also invited other concerned Blippy users to weigh in on the matter and share their thoughts on the company's security, or lack thereof.

"If there are additional measures you would like us to take to improve Blippy's security," Kumar wrote, "please do not hesitate to e-mail us."

About the author

Journalist, software trainer, and Web developer Lance Whitney writes columns and reviews for CNET, Computer Shopper, Microsoft TechNet, and other technology sites. His first book, "Windows 8 Five Minutes at a Time," was published by Wiley & Sons in November 2012.

 

Join the discussion

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

HOT ON CNET

Delete your photos by mistake?

Whether you've deleted everything on your memory card or there's been a data corruption, here's a way to recover those photos.