A Dangerous ‘Blip’ With Blippy
Social media Web site mistakenly reveals users' credit card numbers
April 26, 2010
A new social media Web site that encourages people to share their credit card and debit card purchases with the world has been found to be sharing a lot more with the world — several people’s credit card account numbers.
The founder of Blippy.com acknowledged Friday that nearly 200 transactions made by four Blippy users could be found through a Google search — with not only the basic information on the purchases but also the users’ full credit card numbers.
Then, on Saturday, the Silicon Alley Insider Web site found the full debit card number for another Blippy user — an Australian talk-show host and comedian.
After the first discovery relating to the four users, Blippy co-founder Philip Kaplan wrote on Blippy’s blog: “We are serious about security and want to assure Blippy users that this was an isolated incident from many months ago in our beta test, and doesn’t affect current users.
“While it looks super-scary and is embarrassing to us, it’s a lot less bad than it looks.”
After the fifth user’s card information was discovered online, the company’s other co-founder, Ashvin Kumar, wrote on the Blippy blog that “while we don’t anticipate anyone else to be affected, we’re continuing our investigation with urgency.”
While card numbers were not visible on Blippy’s Web site, the credit card and debit card numbers became available through Google’s cache of non-current Web pages, which are also available through Google searches.
The credit and debit card numbers were available because Blippy users can register their card information with Blippy to automatically stream a record of their purchases. Kaplan and Kumar wrote that credit or debit card numbers were only potentially available for users who registered with Blippy before Feb. 3, 2010.
They also wrote that the company is working with Google to remove all Blippy-related credit and debit card numbers from Google servers.
Blippy has garnered plenty of attention in recent months as it has trumpeted its business plan of having users share their credit card and debit card purchases online. The Web site recently raised another round of funding — $11.2 million — from investors.
Part of the attention surrounding Blippy related to concerns about over-sharing of personal information on social media Web sites — and the riskiness of sharing credit card and debit card purchase information online. (The Silicon Alley Insider report on the fifth Blippy user was subtitled: “Who in their right mind uses this service?”)
"In the frenzy to monetize our information and our eyeballs, companies are getting both careless and irresponsible," privacy advocate Jeffrey Chester told the Los Angeles Times in its report about the Blippy problems.
©2003-2010 Identity Theft 911, LLC. All rights reserved.