Blippy And Credit Card Numbers: Update

The security and privacy of our users is extremely important to Blippy and is our top priority. As a continuation of our efforts from yesterday, when 4 credit card numbers were discovered in Google’s cache, we’re taking the following measures:

  1. We’re continuing to work with Google to have them remove all sensitive information from their cache.
  2. We’re analyzing our backup databases from January & February to understand what additional information the Google cache may have.

To date, we’ve discovered one additional credit card number and have reached out to the owner. And while we don’t anticipate anyone else to be affected, we’re continuing our investigation with urgency.

Only a very small subset of our users have the potential to be affected by this incident. In order to be affected, ALL of the following must be true:

  1. The user had to sign up for Blippy prior to February 3rd, 2010.
  2. The user had to link a credit or debit card account to Blippy.
  3. The user had a public account on Blippy.
  4. The user’s bank must include credit card numbers in the line-item purchases on their credit card statement. So instead of the usual statement showing “Quiznos,” the bank statement would list something similar to “Quiznos from card number 4444…..”  To date, we’ve only found 2 banks that do this, and no major banks.
  5. The Google cache for a purchase on Blippy from that credit card must not have been updated since early February, 2010.

We have asked Google to re-index the entire Blippy website, or at the least remove Blippy from their cache. We are continuing our investigation and will update this blog when we have news.

Ashvin Kumar
%d bloggers like this: