BreachExchange mailing list archives

Blippy to hire CSO, conduct audits after credit card breach


From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Tue, 27 Apr 2010 19:35:25 -0400

http://www.scmagazineus.com/blippy-to-hire-cso-conduct-audits-after-credit-card-breach/article/168728/

Blippy, a Silicon Valley start-up that enables users to share details
in real time about purchases they make, plans to invest millions in
information security following revelations that it exposed the credit
card numbers of a small number of people through Google's search
index.

Ashvin Kumar, co-founder and CEO of Blippy, said in a blog post early
Monday that as a result of the breach the company plans to hire a CSO,
conduct regular third-party security audits, and install technology
that strips out sensitive information from Blippy posts. In addition,
the firm plans to create a central portal for users to obtain
information about security and privacy.

Kumar explained that some banks, in rare instances, include credit
card numbers as part of the line-item purchases shown on transaction
statements. This so-called raw transaction data normally is stripped
out by Blippy but, due to a "technical oversight," it appeared within
the HTML code on some Blippy pages for a half day in early February,
coincidentally the same time that Google indexed the site.

"Even though the sensitive information was hidden in the HTML and not
visible in plain view, the Google crawler observed it and recorded the
information to put into its search index," Kumar said in Monday's
post. "Google effectively took a snapshot of Blippy during that
half-day period. Though our site has changed considerably since early
February, Google's snapshot of these pages did not update, which
effectively extended a half-day exposure into a three-month exposure."
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
