Here’s a serious lesson in the dangers of over-sharing: Blippy, the site both loved and vilified for letting users share their latest purchases with their friends, accidentally (we assume) posted the credit card numbers of some users online. Venturebeat determined that a search in Google (NSDQ: GOOG) for “site:blippy.com+’from card'” returned users’ credit card numbers; I just tried and it appears to still do so, although the numbers I can find are from a very limited number of users.
The security breach comes a day after Blippy announced it had raised $11.6 million in a second funding round at a $46 million valuation — only four months after raising $1.6 million in its first round.
On Blippy, users’ purchases show up in a Twitter-like feed — and friends can comment on individual buys. It can work once a user enters their bank account or credit card information — but that information is definitely not supposed to be shared publicly. We reached out to Blippy earlier today for comment but have not heard back.
On its blog, Blippy now says that four card numbers were exposed and calls the incident “isolated.” “We’re making efforts to bolster our security to ensure that nothing like this ever happens again,” the company says.