The New York Times reports on privacy and security problems at Blippy, a site that lets people broadcast online their credit-card purchases.
The blog [VentureBeat] found a Google results page that divulged the Citibank-issued Mastercard numbers for 127 transactions. Those numbers could be easily scooped up by identity thieves and used for fraudulent purposes.
In a phone interview Friday morning, Blippy’s co-founder, Philip Kaplan, said the card numbers in question belonged to four Blippy users. He explained that when people link their credit cards to Blippy, merchants pass along their raw transaction data — including some credit card numbers — and the site scrubs that information to present just the merchant and the dollar amount spent.
But several months ago, when Blippy was being publicly tested, that raw transaction data was present in the site’s HTML code, where it was retrieved by Google.
Mr. Kaplan said that early on Blippy started disguising the raw transaction data behind the scenes, but it did not know about the breach until today. He added, “This still looks pretty bad.” […]
Update: Blippy posted this explanation on its Web site. In the explanation the company says, “We contacted Google and they promptly removed the 4 credit card numbers from their cache, so they are no longer visible.”