Blippy Exposes Credit Card Numbers Through Simple Google Search
An anonymous reader writes "In an unfortunate data breach, social media site Blippy has left credit card numbers in clear text, searchable via a simple Google query. The results show the amount spent on a transaction, the location, and the full card number. As of this submission, the issue still hasn't been resolved."
The company's co-founder, Philip Kaplan, told the NY Times, "... when people link their credit cards to Blippy, merchants pass along their raw transaction data – including some credit card numbers – and the site scrubs that information to present just the merchant and the dollar amount spent. But several months ago, when Blippy was being publicly tested, that raw transaction data was present in the site's HTML code, where it was retrieved by Google. Mr. Kaplan said that early on, Blippy started disguising the raw transaction data behind the scenes, but it did not know about the breach until today."
As of this submission, the issue still hasn't been resolved
Not true. If I read the explanation carefully, what really happened is that some credit card companies sometimes add the CC number to the description of the purchased item. Bad! Which also means that on your printed statement for instance, your full CC number will appear. During beta testing of Blippy, they were not aware of that "feature", so they let through the full CC number of 4 beta testers. Once they figured it out, they easily added a filter.
If you were a beta tester for a service like Blippy, you can't be too shocked that this might happen. A better discussion would be what is Blippy really good for? I can see why I might like to browse other people's purchases once in a while, but why would I want to broadcast mine?
--
better than an internship in a startup: become a founder!
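The kind of filter mentioned in the story and in the comment above, as an added example (not Blippy's code): it scrubs card-like numbers out of merchant description text before the text is rendered anywhere public. The function names, placeholder text and sample descriptions are assumptions constructed for illustration.

```python
import re

# A run of 13 or more digits, allowing single spaces or hyphens between digits.
_DIGIT_RUN = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,}")
PLACEHOLDER = "[card number removed]"  # hypothetical replacement text


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _has_card_window(digits: str) -> bool:
    """True if any 13-19 digit window passes Luhn (card glued to other digits)."""
    return any(
        luhn_ok(digits[i:i + k])
        for k in range(13, 20)
        for i in range(len(digits) - k + 1)
    )


def scrub_description(text: str) -> str:
    """Replace digit runs that contain a Luhn-valid card-length number.

    Fails closed: the whole run is removed, so a card number fused with an
    adjacent reference number does not slip through partially.
    """
    def _mask(match: re.Match) -> str:
        digits = re.sub(r"\D", "", match.group())
        return PLACEHOLDER if _has_card_window(digits) else match.group()
    return _DIGIT_RUN.sub(_mask, text)


# Constructed sample descriptions; 4111111111111111 is a standard test number.
SAMPLES = [
    "EXAMPLE STORE 4111111111111111 ANYTOWN",
    "REF 4111-1111-1111-1111",
    "ORDER 1234567890123 shipped",   # fails Luhn, left untouched
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(scrub_description(line))
```
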
And for those who don't get the joke, Philip Kaplan, the founder of this site, previously had a site called fuckedcompany.com which charted the demise of dot.com and other companies following the collapse of the internet bubble at the beginning of the century. A f*ckup of this proportion would have probably earned about 60 points out of a total of 100. You get 100 points for bankruptcy proceedings.
Coincidentally, the Times is running a story today about this new generation of "social" media sites like Blippy. Not only does Blippy want to compile a list of your purchases, they'd like to read your e-mail, too, if you don't mind. From the article:
Sigh....