Remember Blippy? This is the social networking site that allows you to enter your credit card info, and then whenever you make a purchase with that card it gets posted to the site for all of your friends to see. Once the purchases are on the site your friends can leave comments about what you bought or did, sparing up conversations. As Travis said when he wrote up his post about the service launching, ‘It’s an invasion of privacy for your wallet…but with your permission.”
Shortly after the site went public, I wrote a post where I declared that Blippy Has To Be One Of The Worst Ideas Ever In Social Media. In that post, I asked, “With all of the cries of foul over privacy settings with Facebook, why would anyone voluntarily want to share such personal information with the world?” I envisioned potential employers discovering too much information about you, but it appears I aimed way too low in the potential problems.
Yesterday, The New York Times wrote a feature on the site on the back of the news the company had secured $11.2 million in another round of financing. This should be a joyous time for the company as it garnered them wide media attention, and is sure to have brought new users to the service. What it also did was bring them to the attention of a very creative person who understands the power of Google.
VentureBeat is reporting that a very creative individual went to Google and entered the search term site:blippy.com + “from card” and they got some amazing results. Like 127 responses from Google that showed them four people’s credit card number.
After some detective work from VentureBeat, they discovered an odd connection between all of the credit card numbers. For some reason not only are they all Master Cards, but they are all also issued from CitiBank. Why this is is not known at this time, but it sure is an odd coincidence.
CNET spoke with Blippy co-founder Philip Kaplan about the situation, and he told them that in the early days of Blippy, the credit card data was stored in the HTML, but they later fixed that so it wouldn’t happen any more. “Unfortunately, the incident was from early in our testing phase when we were just beginning to develop Blippy,” Mr. Kaplan told CNET. “We are working hard to bolster our security and make sure it’s stronger, including getting third-party audits from security experts and other measures to make sure this doesn’t happen again.”
Mr. Kaplan also added this last comment, “I know it’s an exciting story and it certainly is a headache for people involved and is embarrassing for us, but it appears much worse than it is, we believe.”
I’m sorry, but what? “It appears much worse that it is”? I think someone’s full credit card number appearing on Google, not through some hack mind you, is pretty much as worse as it gets. You get the person’s name and credit card number, figuring out their billing address and guessing at their expiration date wouldn’t be too difficult from there. 127 people have just had their credit cards opened to the entire Internet, and Mr. Kaplan is going to say its just “embarrassing”? Give me a break.
I do have a Blippy account, but only so I could look in on the site, and I never associated a credit card number with my account, and never intended to. With this news coming to light, I know now that I certainly made the right choice, and I don’t now how anyone else could ever feel comfortable with the site now. What other little gems are hiding out there that will some day lead to another “embarrassing” moment for the company? You know the type, where your personal credit card info gets leaked for the entire Internet to see. Boy, I bet their faces are all kind of red … as their users rush to have their credit card numbers changed.
What say you? A little hiccup for a new company, or could this lead to their death?