{"id":10563,"date":"2010-04-23T11:48:15","date_gmt":"2010-04-23T19:48:15","guid":{"rendered":"http:\/\/198.46.88.49\/?p=10563"},"modified":"2010-04-23T11:56:41","modified_gmt":"2010-04-23T19:56:41","slug":"privacy-fail-blippy-exposes-users-credit-card-numbers","status":"publish","type":"post","link":"http:\/\/198.46.88.49\/electrotech\/privacy-fail-blippy-exposes-users-credit-card-numbers","title":{"rendered":"Privacy Fail: Blippy Exposes Users’ Credit Card Numbers"},"content":{"rendered":"

There’s been plenty of buzz about Facebook’s latest privacy changes, but social shopping site Blippy may have inadvertently stolen some of that attention.<\/p>\n

Blippy.com, a site that lets users share their credit card purchases with friends (or with the whole world, if they choose), left some users’ credit card numbers retrievable through a simple Google search. {Mashable<\/a>}<\/p>\n

\"\"

Image via Mashable.com<\/p><\/div>\n

Nearly every major search engine (Google, Yahoo and Bing among them) honors a robots.txt file, which tells crawlers which parts of a site they may crawl and index. But robots.txt is a request to well-behaved crawlers, not an access control: it does not stop anyone from fetching a page directly, a crawler is free to ignore it, and it does nothing about copies a search engine has already cached. For a site handling sensitive data the safer approach is to keep that data out of publicly served pages in the first place and to enforce restrictions at the server level, with authentication and authorization on the resource itself, rather than relying on crawler directives.<\/p>\n
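Because crawler directives cannot recall what has already been served, the useful check is on the page source itself. The following Python script is an added example written for this post, not code from Blippy or from the original article: it scans raw HTML (a constructed sample whose markup is hypothetical and whose card numbers are the standard test PANs) for 13 to 19 digit runs that pass the Luhn check, reports them masked, and separately lists any noindex hints the response carries, treating those as hints rather than as protection.<\/p>\n

```python
import re

# Constructed sample page (hypothetical markup, not Blippy's). The visible
# text shows only a merchant and an amount, but the source also carries the
# raw line item behind it, once in an HTML comment and once in a hidden
# element. The card numbers are the standard test PANs, not real ones.
SAMPLE_HTML = '''<meta name='robots' content='noindex, nofollow'>
<p>Coffee Shop #412 - $4.50
<!-- raw: 2010-04-20 POS 0412 CARD 4111 1111 1111 1111 AMT 4.50 -->
<p hidden>line item: store 0412 auth 5500-0000-0000-0004
<p>order ref 1234567890123 (13 digits, fails Luhn)
'''

# 13 to 19 digits, optionally separated by spaces or hyphens, not part of a
# longer digit run (lookarounds instead of word boundaries so that a
# separator-adjacent run is still caught).
CANDIDATE = re.compile('(?<![0-9])(?:[0-9][ -]?){12,18}[0-9](?![0-9])')
COMMENT = re.compile('<!--.*?-->', re.S)
# Expects a quoted content attribute, which is what real pages emit.
META_ROBOTS = re.compile('<meta[^>]*name=.robots.[^>]*content=.([^>]*?).>', re.I)


def luhn_ok(digits):
    '''Luhn (mod 10) checksum used by payment card numbers.'''
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits):
    '''Keep the first six and last four digits, the usual display mask.'''
    return digits[:6] + '*' * (len(digits) - 10) + digits[-4:]


def find_pans(html):
    '''Return (masked_pan, location) for every Luhn-valid 13 to 19 digit run
    in the raw source, whether or not a browser would ever display it.
    location is 'comment' for runs inside <!-- -->, otherwise 'markup'.'''
    comments = [(m.start(), m.end()) for m in COMMENT.finditer(html)]
    found = []
    for m in CANDIDATE.finditer(html):
        digits = m.group().replace(' ', '').replace('-', '')
        if not luhn_ok(digits):
            continue  # order numbers and timestamps mostly drop out here
        in_comment = any(s <= m.start() < e for s, e in comments)
        found.append((mask(digits), 'comment' if in_comment else 'markup'))
    return found


def indexing_hints(headers, html):
    '''Collect the noindex hints a response carries. These only ask
    well-behaved crawlers to stay away; they are not access control and do
    nothing for copies a search engine already cached.'''
    hints = []
    m = META_ROBOTS.search(html)
    if m:
        hints.append('meta:' + m.group(1))
    for k, v in headers.items():
        if k.lower() == 'x-robots-tag':
            hints.append('header:' + v)
    return hints


def audit(headers, html):
    '''Pre-publish check: a page is only safe when find_pans() is empty,
    regardless of what indexing_hints() reports.'''
    pans = find_pans(html)
    return {'pans': pans, 'hints': indexing_hints(headers, html), 'safe': not pans}


if __name__ == '__main__':
    report = audit({'X-Robots-Tag': 'noindex'}, SAMPLE_HTML)
    for masked, where in report['pans']:
        print('card number in page source (%s): %s' % (where, masked))
    print('indexing hints:', report['hints'], '- safe:', report['safe'])
```

Run it over saved responses before a release: a noindex result from indexing_hints() means nothing while find_pans() still returns anything, and neither a meta tag nor an X-Robots-Tag header recalls a copy a search engine cached earlier.<\/p>\n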

Blippy explains<\/a>:<\/p>\n

“Many months ago when we were first building Blippy, some raw (not cleaned up, but typically harmless) data could be viewed in the HTML source of a Blippy web page. The average user would see nothing, but a determined person could see “raw” line items. Still, this was mostly harmless — stuff like store numbers and such. And it was all removed and fixed quickly.<\/p>\n

Enter Google’s cache. Turns out Google indexed some of this HTML, even though it wasn’t visible on the Blippy website. And exposed four credit card numbers (but a scary 196 search results).”<\/p><\/blockquote>\n

Here’s the thing: Blippy is backed by some of Silicon Valley’s biggest investors, among them Ron Conway (an early Google investor), Philip Kaplan (AdBrite founder), Evan Williams (Twitter co-founder) and Sequoia Capital (the firm that has funded Google, Apple and countless other tech giants). The company was started by two Stanford Computer Science grads.<\/p>\n

With all those connections, did no one understand enough about search engines to keep sensitive data (even a small amount of it) out of a public index? Or think to hire someone familiar with search engine indexing, or with security, to at least make best-practice recommendations?<\/p>\n

Running a site: search and viewing a page’s source aren’t exactly cutting-edge hacking skills. In most cases what turns up is harmless: notes on the scripts that give a site its effects, comments left while changes were being made, and so on. But leaving identifiable financial data in publicly served pages, even where it isn’t plainly visible, is just plain sloppy.<\/p>\n","protected":false},"excerpt":{"rendered":"

There’s been plenty of buzz about Facebook’s latest privacy changes, but social shopping site Blippy may have inadvertently stolen some of that attention.<\/p>\n

Blippy.com, a site that lets users share their credit card purchases with friends (or with the whole world, if they choose), left some users’ credit card numbers retrievable through a simple Google search.<\/p>\n

Blippy is backed by some of Silicon Valley’s biggest investors, among them Ron Conway (an early Google investor), Philip Kaplan (AdBrite founder), Evan Williams (Twitter co-founder) and Sequoia Capital (the firm that has funded Google, Apple and countless other tech giants). The company was started by two Stanford Computer Science grads.<\/p>\n

With all those connections, did no one understand enough about search engines to keep sensitive data (even a small amount of it) out of a public index?<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6840],"tags":[2917,2918],"_links":{"self":[{"href":"http:\/\/198.46.88.49\/wp-json\/wp\/v2\/posts\/10563"}],"collection":[{"href":"http:\/\/198.46.88.49\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/198.46.88.49\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/198.46.88.49\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/198.46.88.49\/wp-json\/wp\/v2\/comments?post=10563"}],"version-history":[{"count":6,"href":"http:\/\/198.46.88.49\/wp-json\/wp\/v2\/posts\/10563\/revisions"}],"predecessor-version":[{"id":10567,"href":"http:\/\/198.46.88.49\/wp-json\/wp\/v2\/posts\/10563\/revisions\/10567"}],"wp:attachment":[{"href":"http:\/\/198.46.88.49\/wp-json\/wp\/v2\/media?parent=10563"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/198.46.88.49\/wp-json\/wp\/v2\/categories?post=10563"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/198.46.88.49\/wp-json\/wp\/v2\/tags?post=10563"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}