I navigated to my Bubble account page only to see my full 16 digit visa card number pre-populated on both the billing name and billing email address fields. I saw them populate as the page load completed. This cannot be a safe way to store user payment details? Specially when right above those fields the exact 16 digit card number is displayed with only the last 4 digits displayed for security purposes, which is standard practice.
Anyone else see this?
Wow, that definitely isn’t normal, and I am not seeing it on my account page. Sounds like a bug report for sure, and because of the nature of it, I will take the liberty of tagging @sam.morgan, @JeffT, and @bubble here, too.
Not sure how to report this as a bug because I quickly deleted the two input fields and now I’m not able to reproduce it.
I will send Bubble an email separately.
@sam.morgan tagging you here as I believe you have been revamping the accounts section. Could you look into this please?
Hello! Please submit a bug report for this. A few things I can tell you with confidence:
- We don’t store any credit card details anywhere in our database. This is 100% handled by stripe.
- There are no workflows anywhere on Bubble that collect your credit card information. Instead, we redirect to stripe for all credit card input.
- The most likely way this happened is that somehow, your browser autofilled card details into the inputs that were meant for billing name and email.
Do you happen to have saved card information on your computer or browser for the purposes of autofilling on e-commerce sites?
In either case, a bug report is the best option here, since we’ll need as much information from you as possible to properly investigate this and understand what happened.
That was my initial guess too, as I have my card saved on Google Chrome. However, I have never had a scenario where loading a page automatically grabbed card details from my Chrome account. I don’t think Google would want that.
I have contacted Bubble and was advised it will be escalated to Tier 2 support.
99.9% chance this was it. This happens to me all the time in Chrome.
Yes we would definitely want to look into this to see if there is any reason on our end that the inputs may be grabbing the card details from your chrome autofill. Thanks for submitting a support request! Tier 2 will respond and investigate to get to the bottom of this.