What You Can Learn from Blippy's Credit Leak

ADVERTISEMENT

The social financial networking site Blippy.com is getting an expensive pubic relations lesson on the importance of keeping customer’s credit card numbers sacred. On Friday, MainStreet reported that four Blippy customers had their credit card numbers exposed via a simple Google search. Here’s what went wrong, and what consumers can take away from the experience.

Sure, it’s only four customers out of thousands who were exposed to potential card fraud, but who among us would like to switch places with any of them?

While consumer advocates are taking to their blogs and Twitter pages to display their outrage, Blippy is downplaying the data leak. Most news accounts played up the “easy access to private data” angle, noting that for a good chunk of that Friday, anyone could access the four customers’ credit card numbers on a simple Google search. Available to trollers were card customer transactions, including location, date of purchase and, most worrisome, the customer’s credit card number.

For a detailed account of the company's side of the story, check out Blippy's blog.

One critical misstep, though, is described by Blippy’s co-founder and CEO Ashvin Kumar on the Blippy blog, which was dated April 26 at 1:22 a.m.

“Naturally, when users learned of the issue this weekend, some wanted to disconnect their credit card accounts or delete their entire user account. At the same time, Blippy’s servers had been under increased load due to the media attention. This resulted in many failed requests to delete accounts because we had not invested sufficiently in making our account deletion process as programatically efficient as it could be.”

In other words, Blippy didn’t see the leak coming, and when it came, the company didn’t have a good plan to fix the problem. The company did note that it had reached out to Google and had removed the exposed credit card data by the end of the day on Friday — but that still left card information exposed for hours throughout the day..

The lesson for consumers? It’s always a risk to transmit sensitive financial data online.

To keep your card data a safe as possible, check for the padlock icon on the status bas at the bottom of the Web site you’re visiting. Also, look for an added by “s” to the “http” on the Web site’s URL. That means the Web site is protected by a secure server using SSL — a tough-to-crack data encryption program.

It’s also a good idea to read the company’s privacy policy language, usually linked to at the bottom of the company’s home page. There you can find answers on how the company uses and protects your financial data. If you don’t like what you read, don’t give the company your card info.

Granted, what happened to the four unfortunate cardholders on Blippy.com was rare, but it did happen. Take those steps listed above to reduce the chance of that happening to you.

—For the best rates on loans, bank accounts and credit cards, enter your ZIP code at BankingMyWay.com.

Show Comments

Back to Top