by Alison Storm | 04/27/10

A social networking site that let's people see and discuss what people are buying accidentally leaked credit card numbers of some users, according to news reports. Apparently the security failures at Blippy.com meant that credit card numbers of at least five of the site's users appeared in Google search results. Raw transaction data appeared in the code, allowing access to credit card numbers. The company's co-founder and CEO Ashvin Kumar posted an apology on the company's blog and outlined Blippy's plan for making sure this doesn't happen again:

1. Hire a Chief Security Officer and associated staff that will focus solely on issues relating to information security.


2. Have regular 3rd-party infrastructure & application security audits.


3. Continue to invest in systems to aggressively filter out sensitive information.


4. Control caching of information in search engines.


5. Create a security and privacy center that contains information about what we are doing to protect you.

Kumar also wrote that some Blippy users have decided to delete their credit card information and erase their accounts over these security concerns. He wrote, "They trusted us with their information, and we are truly disappointed to have let them down. While these users reflect a tiny sliver of our user base, any number greater than zero is deeply unacceptable to us. We’ve built Blippy — and will continue to build Blippy — on the foundation of our community and the trust they place in us to create a safe, secure, and fun experience to share purchases."