Live: Best Cyber Monday Deals Live: Cyber Monday TV Deals Tech Fails of 2022 Deals Under $10 Deals Under $25 Deals Under $50 Streaming Deals on Cyber Monday Cyber Monday Video Game Deals
Want CNET to notify you of price drops and the latest stories?
No, thank you

Another Blippy credit card found in Google

A day after four Blippy users discovered their credit card numbers could be found in Google searches, a fifth user has fallen victim to a February breach.

Blippy user credit card findable through Google
Screenshot by CNET

Another credit card belonging to a Blippy user could be found in Google search Saturday, and the company said it had asked Google to re-index its entire site.

Silicon Alley Insider noticed that a site search of with the query "outstanding" turned up the debit card number of a Blippy user, a day after Blippy discovered that the credit card numbers of four Blippy users could be found via Google. Blippy inadvertently exposed the numbers to the public Internet in February, but did not realize the problem until Friday.

Blippy confirmed that a fifth user had been affected by the leak in a blog post Saturday.

"As a continuation of our efforts from yesterday, when four credit card numbers were discovered in Google's cache, we're taking the following measures: 1. We're continuing to work with Google to have them remove all sensitive information from their cache. 2. We're analyzing our backup databases from January and February to understand what additional information the Google cache may have."

Blippy also said that it had asked Google to re-index its Web site.

However, the search results for the query outlined by SAI had changed as of late Saturday morning Pacific time, with Google having removed the snippets underneath links to URLs that contained the credit card numbers.

Blippy said it had identified the subset of users affected by the breach as having signed up for its site before February 3 and having linked their account to a credit card from a bank that sends credit card numbers along with generic purchase information when reporting a transaction. Only two banks in Blippy's system do such a thing, the company said: one of them, Fifth Third Bank, has not responded to requests for comment.

Update at 1:48 p.m. PDT: A Google spokesperson later got back to us with this comment: "Fundamentally, it's Webmasters' responsibility to take action when they make a mistake. Yesterday, Blippy notified us about four credit card numbers they had inadvertently published to the Web, so we took special measures to quickly remove the snippets and cached results containing those numbers.

"Today, we learned that there were additional URLs cached from the site with credit card information, so our engineers worked on a Saturday morning to urgently remove the snippets and cached pages for all of, which has about 20,000 URLs. The fix was complete by about 11:25 a.m. Pacific on Saturday morning."