By Tom Krazit
April 23, 2010
A series of gaffes at Blippy, Google, and a Midwest bank exposed the credit card numbers of four individuals within Google search results for more than two months.
Friday was easily the worst day in the history of Blippy, a young start-up that enables people to create social networks around sharing information on goods and services they buy. VentureBeat discovered that credit card numbers of four Blippy users could be found in Google's search index, and it published its findings in a story, forcing the start-up's three founders to scramble to repair the damage and get the numbers removed from Google's search index.
Blippy acknowledged that it should not have exposed raw data containing credit card numbers to the Internet in February, when it was working on the site. But Google confirmed that its search bots should have noticed that Blippy had removed that raw data promptly when its crawling technology made its next pass across Blippy's site, which may have never happened.
A Google representative said the company was looking into why its technology did not update its cache of Blippy's pages for more than two months, declining to comment further.
The problem began when Blippy made a few changes to its Web site code in early February, inadvertently exposing the raw data that banks send to the service when a credit card user makes a purchase. That data usually includes innocuous data such as time, date, amount, and location of the purchase, and Blippy realized that it needed to scrub that data from its site when it discovered that confirmation numbers for airline tickets were exposed.
But it did not realize in February that one particular bank, Fifth Third Bank, based in Cincinnati, also sent the actual credit card numbers of its users along with that purchase data. Blippy co-founder and CEO Ashvin Kumar said Blippy had no idea that this data had been exposed until Friday morning. He said no other bank used with the Blippy service appeared to send credit card numbers along with the rest of the data.
After they saw the VentureBeat story, Blippy executives attempted to remove the data from Google via its Webmaster tools, but they reached out directly to the search giant after realizing that a media frenzy had begun. Google purged the information around 11:20 a.m. PDT Friday, it said.
Many who learned of the incident were probably more surprised that something like this hadn't happened sooner, given the skepticism of many about Internet privacy, security, and the wisdom of sharing your economic activity with the world.
Kumar thanked Google for its prompt response Friday morning and willingness to admit that something went wrong with its crawling technology. The card numbers were not visible on Yahoo or Bing on Friday morning using the same type of search that produced the numbers on Google.
Still, "we have to plan for the worst-case scenario," Kumar said. Google provides tools to Webmasters that allow them to flag content that was mistakenly published, and had Blippy taken advantage of those tools in February, the world would have likely never learned of the data breach.
The incident was especially painful for Blippy, given that a New York Times profile of the company appeared Friday morning, highlighting the growth of start-ups like Blippy that are designed to share personal information with the world. And the "worst-case scenario" is probably yet to come: although Alcott was willing to sign up for the service again Friday evening, after Blippy had initially removed his account in hopes of preventing any further breaches, he said, "I'm thinking about talking to a lawyer."
Learn more about Search Engine Optimization, the most effective form of online advertising.
Search Engine Marketing is the fastest growing advertising medium in the world, projected to become 10x more powerful and influential than traditional media outlets such as: network television, cable television, local television, network radio, local radio, satellite radio, national newspapers, local newspapers, magazines, billboards, direct mail, telemarketing and more.
Discover the most powerful and effective form of advertising, Search Engine Optimization.
An aside for consideration are the segments of Search Engine Optimization. Clarification is required in terms of paid search marketing, sponsored search advertising, pay per click, email marketing (spam), and the foundation of strategic internet marketing: Organic Search Engine Optimization - Organic SEO in some circles also referred to as Natural Search Engine Optimization - Natural SEO.
Key Organic Search Engine Optimization Facts:
- Keyword search is the 2nd most popular online activity, rapidly approaching the popularity of email retrieval.
- 90% of all new website visitors are delivered by a major search engine and/or directory.
- 98% of all keyword search activity results are powered by the big 4 search engines: Google, Yahoo, MSN and AOL.
- Keyword search results on Google, Yahoo, MSN and AOL are all determined by a search engine spider and/or robot crawler.
- Recent internet marketing studies confirm that keyword searchers prefer the organic results at a 6 to 1 ratio vs. pay-per-click sponsored search advertising listings.
Is your corporate website being found early and often on the keywords and keyword phrases that best describe your products, services and industry?
Harness the power that our proven organic search engine optimization technologies can provide...
Contact the Peak Positions Organic SEO consulting specialists today.
Learn more about our client roster, one of the strongest in the SEO industry, and more importantly discover why our client-focused Organic Search Engine Optimization company maintains the highest client retention rate in the SEO industry.
"Our year over year order anniversary flowers revenues are climbing rapidly in a timid economy. If you are looking for an excellent SEO Company, we suggest Peak Positions" ...
SEO Case Study