When I first read about Blippy on TechCrunch in December of last year, my first thought was "Oh God, this sharing thing has gone way too far." My next thought was, "Note to self: stay far away from Blippy." For those who don't know, Blippy is a "transaction sharing" site. You enter your credit card details and the site scrapes your account activity and posts it for your friends to see. Yay, my friend just bought a new toaster oven.
Apparently, they also, in a small number of cases, posted full credit card numbers on the Internets, which Google subsequently, dutifully, crawled.
This situation is utterly awful. Credit card theft is rampant (my wife just got notified yesterday of a fraudulent charge on her Visa card). Those roughly sixteen numbers are sacrosanct.
I don't know who is stupider in this situation:
- Blippy, for creating a website that accesses user's credit card accounts, scrapes their information, and broadcasts it for eternity (and does all of those things really badly, exposing sensitive data in the process)
- Blippy users, for signing up for such a dumbass idea and willfully handing over their credit card data
- Credit card companies, for creating a system where the only thing stopping someone from using my credit is not knowing the sixteen-digit number boldly printed on its face
Last night, Blippy issued an apology as well as a corrective plan of action. But this is too little too late. If you're creating a website based on sharing my credit card transactions with my friends, isn't your first and most important concern the security and privacy of the data? Or does that come down the road, after they've duped enough users into signing up?
An apology is simply not good enough. Nor is a corrective plan. Blippy needs to shut down their borked service and pack up the wax and feathers on which they've built their clusterfuck of a startup.
Related articles by Zemanta
- Blippy Issues, Resolutions, Plan (Ashvin Kumar/The Blippy Blog) (techmeme.com)
- Mint founder Aaron Patzer makes a slight jab at Blippy's privacy woes (social.venturebeat.com)
- Give Blippy Another Chance, They Deserve It (thenextweb.com)
- Blippy claims credit card leak plugged. We find one more number (venturebeat.com)
- Blippy users' credit card numbers exposed in search results (cnn.com)