The social sharing site Blippy is all about transparency, allowing users to publish all their credit or debit card purchases to the web. But yesterday someone figured out that maybe they were
a little too transparent
. Using only a "from card" modifier on a search directed at Blippy, this industrious individual was able to uncover 127 full credit card numbers according to VentureBeat.
Blippy has always been very clear about their commitment to security, but the nature of the site meant this was a possibility. Blippy founder Philip Kaplan responded to the situation calling it, " a lot less bad than it looks." Kaplan explained that the error on their part was related to their beta period several months ago. During this period Blippy was storing a lot of the raw data as HTML, and it turns out that Google indexed the HTML making it visible on the search engine. He also claims that the error affects only four unique cards, but we can't confirm this.
Kaplan promised that current Blippy users are not at risk and they are working with Google to remove Blippy from the search giant's cache. While the explanation seems reasonable to us, we're still a little dubious. Does anyone out there use Blippy? Does this worry you enough to stop?