Blippy Flies Too Close to the Sun

When I first read about Blippy on TechCrunch in December of last year, my first thought was "Oh God, this sharing thing has gone way too far." My next thought was, "Note to self: stay far away from Blippy." For those who don't know, Blippy is a "transaction sharing" site. You enter your credit card details and the site scrapes your account activity and posts it for your friends to see. Yay, my friend just bought a new toaster oven.

Apparently, they also, in a small number of cases, posted full credit card numbers on the Internets, which Google subsequently, dutifully, crawled.

This situation is utterly awful. Credit card theft is rampant (my wife just got notified yesterday of a fraudulent charge on her Visa card).  Those roughly sixteen numbers are sacrosanct.

I don't know who is stupider in this situation:

  • Blippy, for creating a website that accesses user's credit card accounts, scrapes their information, and broadcasts it for eternity (and does all of those things really badly, exposing sensitive data in the process)
  • Blippy users, for signing up for such a dumbass idea and willfully handing over their credit card data
  • Credit card companies, for creating a system where the only thing stopping someone from using my credit is not knowing the sixteen-digit number boldly printed on its face

Last night, Blippy issued an apology as well as a corrective plan of action. But this is too little too late. If you're creating a website based on sharing my credit card transactions with my friends, isn't your first and most important concern the security and privacy of the data? Or does that come down the road, after they've duped enough users into signing up?

An apology is simply not good enough. Nor is a corrective plan. Blippy needs to shut down their borked service and pack up the wax and feathers on which they've built their clusterfuck of a startup.

Reblog this post [with Zemanta]