Blippy Exposes Credit Card Numbers Through Simple Google Search

An anonymous reader writes "In an unfortunate data breach, social media site Blippy has left credit card numbers in clear text, searchable via a simple Google query. The results show the amount spent on a transaction, the location, and the full card number. As of this submission, the issue still hasn't been resolved." The company's co-founder, Philip Kaplan, told the NY Times, "... when people link their credit cards to Blippy, merchants pass along their raw transaction data – including some credit card numbers – and the site scrubs that information to present just the merchant and the dollar amount spent. But several months ago, when Blippy was being publicly tested, that raw transaction data was present in the site's HTML code, where it was retrieved by Google. Mr. Kaplan said that early on, Blippy started disguising the raw transaction data behind the scenes, but it did not know about the breach until today."

Re:Looks bad... for 4 people

[blair1q]

Which CC companies do this, so we can avoid them and let them rot?

In even more shocking news...

[Anonymous Coward]

Blippy exposed as existing.

Blippy and social media

[wsuschmitt]

Users of Blippy want people to know about what they are buying... one more step towards having your entire life open to the world.

This brings up a point that needs to be looked in to a bit further as our personal information becomes digitized: at what point do you just let go of trying to hide personal numbers (such as credit card and social security) and make them as public as possible and force the system to make sure that YOUR numbers are really your numbers? Honestly, if the banking systems that we use for credit transactions notified me EVERY TIME that my SS# went through their systems , then I would know when it is being used and wouldn't worry so much about someone "stealing" my identity. It's a 9 digit number that will NEVER be reissued as long as I live; credit card numbers are 16 digits long and are 'throw-away'. As soon as the systems are in place that link me directly to my SS, I won't be worrying about trying to hide these numbers.

I'll be worrying about Big Brother watching my every move...

Re:Why would I WANT this?

[rudy_wayne]

Somebody had the bright idea that people would want every purchase they ever made available to their friends. Like you, I consider this idea demented, though it wouldn't surprise me if there were a lot of people who would find it kind of cool.

The idea behind Blippy, as best as I can figure, is that your friends can see all the cool stuff you buy and then leave comments telling you how cool you are. However, if you look at Blippy, what you actually see is an endless list of Taco Bell, Wendys, Exxon, Trader Joes and other mundane purchases. The truth is, the average person doesn't buy a lot of cool stuff.

What is more amazing than the existence of Blippy, is the fact that Blippy has obtained more than $12 million in VC money, despite the fact that they currently have no way of generating any revenue. It's almost like the dotcom bust of 10 years ago never happened.

Why doesn't Google apply a global filter for CC#s?

[Xoc-S]

All CC numbers have a particular pattern, and there is even a check digit [wikipedia.org]. Why doesn't Google provide a global filter in their search index so that any keyword that matches a credit card number is not indexed? And pages with CC numbers not cached, or blanked in the cache?

Sites such as bulletin boards frequently get somebody being stupid and posting their credit card number. The mods fix it, but the Google spider gets there first.