Users of Blippy.com want to share their transactions with the Internet, but they probably didn’t want to share their credit card numbers, too. Unfortunately for the users of the financial social networking site, the latter happened on Friday. According to an initial report by VentureBeat.com, someone performed a Google search that turned up 127 results containing credit card information. The results included four Blippy users’ full credit card numbers.
Blippy.com calls itself “a fun and easy way to see and discuss what everyone is buying.” Users can track how much money they spend and where they spend it. Since its launch in late 2009, the site has been discussed in numerous publications and on plenty of websites: The New York Times just profiled the site, Time and the Wall Street Journal reviewed it, and even MyBankTracker.com ran an article about it way back in December. The site recently received $11 million in funding, according to The New York Times.
The hype was not as positive today when news of the slip-up hit the Internet. By performing a fairly simple Google search, someone unlocked the results, which contained information for transactions such as location, date and most importantly, credit card number.
Blippy Responds: ‘A Lot Less Bad Than It Looks’
Blippy responded to the issue with an entry at its Posterous blog expressing regret and reassuring users that their information is safe with Blippy. The blog post said the scenario “looks super-scary and certainly sucks for those few people who were affected, and is certainly embarrassing to us,” but is “a lot less bad than it looks.”
According to the statement, the data leak included four users’ credit card information. Blippy said it is working with Google to remove the information from the search engine’s cache, a process which should be completed sometime Friday. The statement compared the accidentally released information with handing a credit card to a store clerk and reminded users they would not be responsible for any purchases made without their permission. A link to the blog was posted on the Twitter account of Blippy president Philip Kaplan.
Situation An Example Of Online Security Issues
Blippy.com’s issue is similar to a May 2009 mess created by Online financial monitoring system Rudder. Rudder inadvertently sent out financial updates — including access to bank account info and balances, but not including card numbers or passwords — to 300 users, instead of each individual user.
The Blippy and Rudder scenarios serve as reminders of the dangers of submitting financial data online, an issue MyBankTracker.com wrote about yesterday.