Blippy suffers credit card number leak

26 April 2010

Shoppers’ social networking service Blippy suffered a security flaw late last week, after some of its users’ credit card numbers began appearing in search results.

Blippy, which connects ‘friends’ on its social network so that they can exchange information about what they’re buying, allows people to automatically post information about what is being spent on their credit card. When a user searched on the term “Card from#”, 196 results showed up detailing full credit card numbers for four users, along with what they used to buy, where, and how much it cost.

Blippy, which was just awarded $11.2m in funding and was profiled by the New York Times, published an apology explaining what had happened. During a beta test several months ago, the company’s developers had noticed that some raw transaction data logged by users was not being stripped out. That raw data never appeared on the public Blippy website, but it was nevertheless present in the HTML that Google indexed. Google cached the indexed data, which is how it showed up in search results.

Although 196 search results showed up, they only affected the credit card numbers of four users, Blippy said. “We contacted Google and they promptly removed the four credit card numbers from their cache, so they are no longer visible.”

“We are hugely focused on security and are making efforts to bolster our security to ensure that nothing like this ever happens again,” Blippy assured, adding that a significant proportion of its recent funding round is being used to upgrade its infrastructure. “We are also conducting third-party security audits, and will be a lot more careful before new features are released, even if it's during a small, limited beta test period.”

This article is featured in:
Data Loss  • Internet and Network Security
