Blippy wants to get your trust back - but is it too late?
After an incident last week in which at least five Blippy users' credit card numbers were made public "due to a technical oversight," the website's CEO said Monday that he is enacting security measures to keep that from happening again.
Blippy CEO Ashvin Kumar writes in a blog post that he expressed "sincere remorse" to eight of the site's users whose sensitive information may have been compromised.
He plans to keep that from happening again; he says Blippy will:
1. Hire a chief security officer and associated staff that will focus solely on issues relating to information security.
2. Have regular 3rd-party infrastructure & application security audits.
3. Continue to invest in systems to aggressively filter out sensitive information.
4. Control caching of information in search engines.
5. Create a security and privacy center that contains information about what we are doing to protect you.
Kumar's post asks users with security concerns to e-mail suggestions to email@example.com. "We will personally respond to each and every recommendation," he writes.
Blippy is a Twitter-like service that lets people post online about what they're buying. Users can hook up certain credit cards to Blippy.com, and each time they make a purchase, the site will inform the person's followers about what they bought and how much the person paid for it.
For a half-day in February, the site posted raw data about these purchases, which, in some instances, contained sensitive information like credit card numbers or airline confirmation numbers, the blog post says.
When Blippy noticed the error, it tried to remove the sensitive raw data, but some of it remained in Google's search results until it was discovered Friday by the tech site VentureBeat, the blog says.
Kumar writes that some Blippy users have been deleting credit card information and entire accounts from the site in the wake of the security incident. He did not say how many people have left the site but apologized for the fact that some of the removal requests were not acted on because of the frenzy surrounding the security incident.
He apologized to people who use the site.
"They trusted us with their information, and we are truly disappointed to have let them down," he writes. "While these users reflect a tiny sliver of our user base, any number greater than zero is deeply unacceptable to us. We’ve built Blippy — and will continue to build Blippy — on the foundation of our community and the trust they place in us to create a safe, secure, and fun experience to share purchases."
Since Blippy relies on users handing over financial information to the site, trust is a key component of Blippy's business.
So the real question is this: In light of the security mishap and this response, would you trust Blippy with your credit card info?