Blippy Exposes Credit Card Numbers Through Simple Google Search 95
An anonymous reader writes "In an unfortunate data breach, social media site Blippy has left credit card numbers in clear text, searchable via a simple Google query. The results show the amount spent on a transaction, the location, and the full card number. As of this submission, the issue still hasn't been resolved."
The company's co-founder, Philip Kaplan, told the NY Times, "... when people link their credit cards to Blippy, merchants pass along their raw transaction data – including some credit card numbers – and the site scrubs that information to present just the merchant and the dollar amount spent. But several months ago, when Blippy was being publicly tested, that raw transaction data was present in the site's HTML code, where it was retrieved by Google. Mr. Kaplan said that early on, Blippy started disguising the raw transaction data behind the scenes, but it did not know about the breach until today."
Already Resolved, people should think next time... (Score:2, Insightful)
Don't test with customer data (Score:3, Insightful)
Every idiot knows this; you don't test with customer private data.
You may randomize/one-way-scramble the real data to anonimize it, but you never, ever use the actual data for tests.
Why would I WANT this? (Score:5, Insightful)
Who cares about revealing credit card numbers. The bigger question is, why would I want to deal with a business or "social media" site which snitches all my transactions from the businesses, and (i'm presuming) somehow makes them public?
And WTF are the businesses giving the full credit card number to the social media site at all? That just seems, umm, stupid?
Re:Looks bad... for 4 people (Score:5, Insightful)
So Google, who probably knows your name, your IP address, your Email address, all of your friends and family, all of the search terms you've ever used under any alias, and by pwning your wireless at home knows your street address and your MAC address, now knows your credit card number.
Funny, perhaps, but in a bit of a horrifying way.
That's the nature of the internet (Score:3, Insightful)
Re:Why would I WANT this? (Score:5, Insightful)
Some people are just exhibitionists. "Oooh! Look at me! I just bought a new XYZ phone!" and having that information fed to a social media site automatically means they have more time to, you know, buy more crap.
As far as the credit card information, it all depends on who is feeding it. According to several articles on the subject, users give Blippy access to their credit card accounts (as in, access to log in to their credit card web site), and Blippy extracts the data it wants from your actual credit card transactions. If you use "temporary" credit card numbers like I do, then quite often the transaction will show up as (for example) "AMAZON.COM CARD#9999-9999-9999-9999". If Blippy is actually getting that data, then it's your credit card company that's revealing the data, not Blippy. If you signed up with Amazon, then you'll probably just get a list of items and it's unlikely a credit card will show through.
So, the actual credit cards revealed were probably "disposable" numbers that were likely useless by the time they were revealed. However, that does lead to a different point. Who in the hell is giving Blippy their logins for their credit card accounts, or their merchant accounts? I mean, c'mon, really, we're well into April, it's nowhere near the first. Is this some form of sick stupid joke?
Of course, if one were to, say, GIVE THEIR GODDAMNED CREDIT CARD OR MERCHANT LOGIN INFORMATION TO A GODDAMNED BUNCH OF STRANGERS, then their concept of "security" differs too greatly from mine for us to have a coherent conversation on the matter.
Re:Blippy article on NY Times (Score:4, Insightful)
Re:Why would I WANT this? (Score:2, Insightful)
If you dont give your CC# "TO A GODDAMNED BUNCH OF STRANGERS" then how do you buy anything?
Re:Looks bad... for 4 people (Score:2, Insightful)