Realistically, most new sites go through something like this. However, most websites don’t have access to your credit card and purchase information.
The raw data from the credit cards was exposed in the website HTML and cached by Google. That’s the jumble of dates, locations, and store names. Turns out, that information can be stuff you don’t necessarily want shared, like flight confirmation numbers from airlines. In the case of one bank, full credit card numbers were also available in that raw data.
A quick Google search later, and people can harvest credit card numbers.
The Blippy site and Google’s cache have been scrubbed, but this is just one more reason that I will not be using Blippy. Even worse, their initial response was not as apologetic as one might hope:
“In general, it’s important to remember that you’re never responsible if someone uses your credit card without your permission. That’s why it’s okay to hand your credit card over to waiters, store clerks, e-commerce sites, and hundreds of other people who all have access to your credit card numbers.”
Their later responses have been better, but their go-forward plan sounds a lot like something they should have been doing all along. And considering a similar issue was found 2 days later, I’m wondering if there will still be a learning curve on their security.
Plenty of people still think that Blippy is going to be The Next Big Thing in social networking. I think that’s very possible (people are stupid), but I still think I’ll be skipping this one.
Does this change your opinion of Blippy at all? Were you planning to sign up, or is this just one more nail in the coffin?