Tips, News and Advice from Credit Card Assist

Blippy Subscribers Have Their Card Numbers Revealed on Google

by on May 17, 2010

Marketing departments everywhere are always looking for ways to sell more of their products. So when a new program comes on the market that can tell where people are spending money and how much, people sit up and take notice.

Blippy has this capability. As it says on its homepage, “Blippy is a fun and easy way to see and discuss what everyone is buying”. With high-end backers like Twitter co-founder Evan Williams and Sequoia Capital, it’s clear that investors see a big opportunity.

Blippy has had some security issues, however. Recently five subscribers to Blippy have had their credit card numbers revealed in Google’s search engine results. The Blippy blog was all abuzz with the happenings and as it carefully outlines, “due to a technical oversight on our part some transaction data appeared within the HTML code”.

Although some of the patches that were applied rectified the situation, the “technical oversight” happened in February, and the Blippy team failed to understand the extent of the damage until much later, in April. While the raw data was originally thought to be harmless, it did contain information like airline confirmation numbers, and if combined with the correct last name, this information could be used maliciously to check into a flight.

Although the “technical oversight” exposed the data for a mere half a day in February, Google had crawled and indexed Blippy’s pages in that time. This effectively took a snapshot of the Blippy transactions that occurred at that point in time. Because Google stored that snapshot, the information had been available through Google since February. For the past three months, raw data containing transaction information like credit card numbers, confirmation numbers and names was available if you knew where to look.
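Raw transaction data sitting in page source, where a crawler can copy it, is something a pre-publish check on rendered HTML can catch. The following is an added example, not Blippy's code: the page does not say where in the markup the data sat, so the comment, attribute and script locations, the function names and the sample page are all assumptions.

```python
import re
from html.parser import HTMLParser

# 13-19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits):
    # Luhn checksum: filters out order ids and other long digit runs.
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class PanScanner(HTMLParser):
    # Checks everything a crawler receives, not only the visible text.
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (location, masked number)
        self.where = "text"
    def check(self, where, value):
        for m in PAN_RE.finditer(value or ""):
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):
                self.findings.append((where, "*" * (len(digits) - 4) + digits[-4:]))
    def handle_starttag(self, tag, attrs):
        self.where = tag if tag in ("script", "style") else "text"
        for name, value in attrs:
            self.check(f"attr:{tag}[{name}]", value)
    def handle_endtag(self, tag):
        self.where = "text"
    def handle_data(self, data):
        self.check(self.where, data)
    def handle_comment(self, data):
        self.check("comment", data)

def scan_html(html):
    scanner = PanScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed page using published test card numbers, not real data.
SAMPLE = """<!-- raw: CARD 4111 1111 1111 1111 AMT 24.99 -->
<div class="txn" data-raw="conf=ABC123;pan=5555555555554444">Spent $24.99</div>
<script>var last = {pan: "378282246310005"};</script>
<p>Order 4111111111111112 shipped</p>"""
```

Findings are masked to the last four digits so the scanner's own output does not become another copy of the number; the visible order number in the last line fails the Luhn check and is not reported.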

From Bad to Worse

As people became aware of the issue, there was a virtual stampede to remove their personal accounts from Blippy. Deleting their credit card numbers and entire accounts seemed like a safe thing to do. Unfortunately, to add insult to injury, the Blippy server was over capacity. With all the media attention and finger pointing, Blippy was unable to follow through with many of the requests. This resulted in several failed attempts to delete personal accounts.

Resolutions

Blippy reacted quickly and professionally to address the situation. Immediately Blippy stepped into action to understand the situation and how it occurred. They promptly addressed the situation and a coordinated effort with Google was undertaken to strip any personal, sensitive information from the data. Google responded resourcefully and reacted swiftly to accommodate the request and removed the information from its cached pages related to Blippy.

An official apology was issued, and Blippy has been quite crestfallen over this technical oversight. Like any true entrepreneurs, Blippy’s founders have reflected on and grown from this experience and have devised a plan to prevent this from happening again. Top priority on their ‘to do’ list is “Hire a Chief Security Officer” to review information security.

This is kind of like closing the door after the horse is out of the stable. Blippy’s premise is that people want to see what other people are buying. It offers options to share credit card purchases with ‘friends’ and strangers, and ‘friends’ can then ‘like’ other people’s purchases. It is astounding that a site that is devoted to sharing credit card purchases did not have a rock-solid security system in place. All this on the backs of new investors who recently injected $11.2 million in funding into the new business.
