Blippy: Doing exactly what they say they do?
| April 23, 2010 | Posted by Sujeet under Security |
Heard about Blippy? It is a social network that claims to “see what your friends are buying.”
The Blippy front page
Turns out that they delivered on their promise just a tad too well. A Google search result, shown via the sanitized screenshot below – indicates that Blippy is showing full credit / debit card numbers, alongwith the user’s name and zipcode.
Full credit / debit card numbers on tap via Blippy
After all the time I just spent sanitizing the Google search results screenshot posted above, I’m hoping Blippy got the message.
As for Bradd Dantuma from Wyoming & Nate Marshall from Ohio – I’d suggest that they make a few calls to their payment card companies & place a security freeze on their credit file.
Oh, and Blippy – if you do process any payment card transactions, I’m guessing you’re not PCI-compliant.
Update: Within a few moments of going up, this post seems to have attracted attention from the aforementioned Bradd Dantuma of Wyoming (in the comments below). Bradd says he has called Blippy, so I’m assuming the right wheels are in motion now with regards to the safety of his payment card exposed by Blippy.
[...] This post was mentioned on Twitter by Sujeet Bambawale, semismiling. semismiling said: RT @Sujeet: A quick note about full credit & debit card numbers being visible off Blippy.com: http://sujeet.net/blog/?p=359 . Hope you' … [...]
Just got off the phone with Blippy. Shocking indeed.