Slashdot Mirror

← Back to Stories (view on slashdot.org)

Blippy Exposes Credit Card Numbers Through Simple Google Search

Posted by Soulskill on from the making-it-easy-on-the-scammers dept.

An anonymous reader writes "In an unfortunate data breach, social media site Blippy has left credit card numbers in clear text, searchable via a simple Google query. The results show the amount spent on a transaction, the location, and the full card number. As of this submission, the issue still hasn't been resolved." The company's co-founder, Philip Kaplan, told the NY Times, "... when people link their credit cards to Blippy, merchants pass along their raw transaction data – including some credit card numbers – and the site scrubs that information to present just the merchant and the dollar amount spent. But several months ago, when Blippy was being publicly tested, that raw transaction data was present in the site's HTML code, where it was retrieved by Google. Mr. Kaplan said that early on, Blippy started disguising the raw transaction data behind the scenes, but it did not know about the breach until today."

9 of 95 comments (clear)

  1. Already Resolved, people should think next time... by ProdigyPuNk · · Score: 2, Insightful

    This issue seems to be resolved already. Maybe this incident was a Good Think (TM). People need to be aware that what they put on social media sites can come back to bite them. Most people shouldn't be putting near the amount of information on the sites as they already do, without even mentioning credit card numbers and recent purchases. If it takes a few people's credit history to make the point to a wider audience, maybe this sort of thing should happen more often...

  2. Don't test with customer data by mwvdlee · · Score: 2, Insightful

    Every idiot knows this; you don't test with customer private data.
    You may randomize/one-way-scramble the real data to anonimize it, but you never, ever use the actual data for tests.

    --
    Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
  3. Why would I WANT this? by nweaver · · Score: 4, Insightful

    Who cares about revealing credit card numbers. The bigger question is, why would I want to deal with a business or "social media" site which snitches all my transactions from the businesses, and (i'm presuming) somehow makes them public?

    And WTF are the businesses giving the full credit card number to the social media site at all? That just seems, umm, stupid?

    --
    Test your net with Netalyzr
    1. Re:Why would I WANT this? by natehoy · · Score: 4, Insightful

      Some people are just exhibitionists. "Oooh! Look at me! I just bought a new XYZ phone!" and having that information fed to a social media site automatically means they have more time to, you know, buy more crap.

      As far as the credit card information, it all depends on who is feeding it. According to several articles on the subject, users give Blippy access to their credit card accounts (as in, access to log in to their credit card web site), and Blippy extracts the data it wants from your actual credit card transactions. If you use "temporary" credit card numbers like I do, then quite often the transaction will show up as (for example) "AMAZON.COM CARD#9999-9999-9999-9999". If Blippy is actually getting that data, then it's your credit card company that's revealing the data, not Blippy. If you signed up with Amazon, then you'll probably just get a list of items and it's unlikely a credit card will show through.

      So, the actual credit cards revealed were probably "disposable" numbers that were likely useless by the time they were revealed. However, that does lead to a different point. Who in the hell is giving Blippy their logins for their credit card accounts, or their merchant accounts? I mean, c'mon, really, we're well into April, it's nowhere near the first. Is this some form of sick stupid joke?

      Of course, if one were to, say, GIVE THEIR GODDAMNED CREDIT CARD OR MERCHANT LOGIN INFORMATION TO A GODDAMNED BUNCH OF STRANGERS, then their concept of "security" differs too greatly from mine for us to have a coherent conversation on the matter.

      --
      "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
    2. Re:Why would I WANT this? by maken · · Score: 2, Insightful

      If you dont give your CC# "TO A GODDAMNED BUNCH OF STRANGERS" then how do you buy anything?

  4. Re:Looks bad... for 4 people by FrankSchwab · · Score: 4, Insightful

    So Google, who probably knows your name, your IP address, your Email address, all of your friends and family, all of the search terms you've ever used under any alias, and by pwning your wireless at home knows your street address and your MAC address, now knows your credit card number.

    Funny, perhaps, but in a bit of a horrifying way.

    --
    And the worms ate into his brain.
  5. That's the nature of the internet by HalAtWork · · Score: 2, Insightful

    It just goes to show that if you put information somewhere online, anywhere, it's as good as writing it on bits of confetti and throwing it to the wind. Some will land in mud or in the grass, bushes and trees and be obscured, others may land in the garbage and be ignored or thrown out, but if anyone wants to look hard enough, they'll be able to find it, and some may even come across it without any pretense or forethought. Computers can help people, especially by aggregating large amounts of data, and the more data you put in, the greater the benefit can be to streamlining things for you and helping you discover the best opportunities. But that can also be turned against them since the data is somehow somewhere available.

    --
    Twinstiq, game news
  6. Re:Blippy article on NY Times by TooMuchToDo · · Score: 3, Insightful

    You can't fix stupid. +1 to Amazon for trying though.

  7. Re:Looks bad... for 4 people by SnEptUne · · Score: 2, Insightful

    Wow, I didn't realize 4chan has a tech section. Thanks.