Blippy Users May Be Surprised to Find Credit Card Numbers Exposed
posted Sunday Apr 25, 2010 by Kyria Gianos
Since technology allows you to access pretty much any information you could ever dream of, you would think Internet users would take extra precautions to protect themselves from fraud. Well, Blippy, a site that permits users to share information about their online purchases from retailers such as Netflix, Woot, and eBay, did not do a very good job of protecting private information.
The site was intended for consumers to share their purchases with others looking to buy the product, but how much information is too much? When signing up for Blippy, they lead you to believe that the only information that will be shared is the item or service purchased, the amount, and the retailer. It was recently discovered that when a Google search was performed on some the the products, the entire credit card number and address were exposed. Bippy users were not aware that this information was being shared.
They issued a statement regarding the incident claiming, "Blippy is very concerned about safeguarding the confidentiality of your personally identifiable information. We employ administrative, physical and electronic measures designed to protect your information from unauthorized access. We will make any legally-required disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored personal data to you via email or conspicuous posting on the Services in the most expedient time possible and without unreasonable delay, consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system."
To be affected by this, all of the following must be true:
The user had to sign up for Blippy prior to February 3rd, 2010.
The user had to link a credit or debit card account to Blippy.
The user had a public account on Blippy.
The user's bank must include credit card numbers in the line-item purchases on their credit card statement. So instead of the usual statement showing "Quiznos," the bank statement would list something similar to "Quiznos from card number 4444....." To date, we've only found 2 banks that do this, and no major banks.
The Google cache for a purchase on Blippy from that credit card must not have been updated since early February, 2010.
To prevent your information from getting out, it's probably best to avoid Blippy. Good news is, the official blog claims the issue is almost entirely resolved.