Apr 232010
 April 23, 2010  Posted by  Breaches, Featured News, Online

Blippy’s web site says, “Blippy is a fun and easy way to see and discuss what everyone’s buying.” It may also be a fun and easy way for identity thieves to get your credit card number. Jennifer van Grove reports:

Sharing your credit card and online purchases with friends on the web sounds risky and it is. We’ve just discovered that several credit card transactions shared on social networking site Blippy have been exposed — with full credit card numbers included — in Google search results.

Tipster Trey Copeland wrote to us with a link to results for the search: site:blippy.com +”from card”. That search returns results showing detailed purchase information for transactions. Each result highlights that there was a “debit card transaction” or “card transaction,” the amount spent, the specific location (address included) and the full card number (as seen below)

Read more on Mashable. I ran the suggested search and yes, it does indeed reveal full card numbers, many of which appear to belong to a few particular individuals.

Ironically, perhaps, when I checked the Blippy page for two of the users, their pages each say:

[user] has protected his/her purchases. Send a follow request to encourage [user] to share with you.

I imagine that they’ll be quite shocked to discover that although they tried to protect their purchases, both their purchases and their card numbers are available to the entire world in Google search results.

Update 1: Blippy issued a statement, posted to TechCrunch. And as I type this, Google cache is being emptied and the revealing search results are now gone.

Update 2: One of the “Blippy Four” speaks about his reaction to the breach. See the Consumerist. [Link corrected]

Update 3: Blippy’s statement is also on their official blog, here. Thanks to the reader who sent in that link.

Update 4 (Saturday): Okay, maybe I spoke too quickly in saying they had resolved the problem. Nicholas Carlson of the San Francisco Chronicle points out that at least one person’s debit card number is still exposed if you do a different Google search. Thanks to a reader who sent me this link.

Sorry, the comment form is closed at this time.