Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Blippy Exposes Credit Card Numbers Through Simple Google Search

Soulskill posted more than 3 years ago | from the making-it-easy-on-the-scammers dept.

Businesses 95

An anonymous reader writes "In an unfortunate data breach, social media site Blippy has left credit card numbers in clear text, searchable via a simple Google query. The results show the amount spent on a transaction, the location, and the full card number. As of this submission, the issue still hasn't been resolved." The company's co-founder, Philip Kaplan, told the NY Times, "... when people link their credit cards to Blippy, merchants pass along their raw transaction data – including some credit card numbers – and the site scrubs that information to present just the merchant and the dollar amount spent. But several months ago, when Blippy was being publicly tested, that raw transaction data was present in the site's HTML code, where it was retrieved by Google. Mr. Kaplan said that early on, Blippy started disguising the raw transaction data behind the scenes, but it did not know about the breach until today."

cancel ×

95 comments

Looks bad... for 4 people (5, Informative)

alain94040 (785132) | more than 3 years ago | (#31959318)

As of this submission, the issue still hasn't been resolved

Not true. If I read the explanation carefully, what really happened is that some credit card companies sometimes add the CC number to the description of the purchased item. Bad! Which also means that on your printed statement for instance, your full CC number will appear. During beta testing of Blippy, they were not aware of that "feature", so they let through the full CC number of 4 beta testers. Once they figured it out, they easily added a filter.

If you were a beta tester for a service like Blippy, you can't be too shocked that this might happen. A better discussion would be what is Blippy really good for? I can see why I might like to browse other people's purchases once in a while, but why would I want to broadcast mine?

--
better than an internship in a startup: become a founder! [fairsoftware.net]

Re:Looks bad... for 4 people (4, Funny)

boneclinkz (1284458) | more than 3 years ago | (#31959352)

*browses to google, searches for full credit card number* No results. Whew!

Re:Looks bad... for 4 people (0)

Anonymous Coward | more than 3 years ago | (#31959496)

My search [google.com] returns 152,00 result!

Re:Looks bad... for 4 people (1)

drachenstern (160456) | more than 3 years ago | (#31959798)

Was that 152,00 Euro?

Re:Looks bad... for 4 people (4, Insightful)

FrankSchwab (675585) | more than 3 years ago | (#31959690)

So Google, who probably knows your name, your IP address, your Email address, all of your friends and family, all of the search terms you've ever used under any alias, and by pwning your wireless at home knows your street address and your MAC address, now knows your credit card number.

Funny, perhaps, but in a bit of a horrifying way.

Re:Looks bad... for 4 people (3, Funny)

maxume (22995) | more than 3 years ago | (#31959772)

Google Checkout seems to have a few users...

Re:Looks bad... for 4 people (2, Funny)

rliden (1473185) | more than 3 years ago | (#31960710)

-- Off Topic --

Uh oh, I replied in the same topic (posted just above) as the person I stole the sig from. I didn't see your post until I had hit the submit button. That has to be like crossing the streams.

Re:Looks bad... for 4 people (1)

maxume (22995) | more than 3 years ago | (#31960988)

I don't see how it makes me any less original.

Re:Looks bad... for 4 people (1)

rliden (1473185) | more than 3 years ago | (#31961118)

It doesn't.

Re:Looks bad... for 4 people (1)

rliden (1473185) | more than 3 years ago | (#31960670)

Google doesn't share the full CC number with retailers, from the Google Checkout Help page [google.com] .

Re:Looks bad... for 4 people (0)

Anonymous Coward | more than 3 years ago | (#31960072)

yes but now if I manage to figure out the first few numbers of your card and input them into google your number may show up in their "recent search suggestions"

Re:Looks bad... for 4 people (1)

The MAZZTer (911996) | more than 3 years ago | (#31960170)

You DO know Google keeps a scrolling ticker of the latest Google queries in their offices, right?

Re:Looks bad... for 4 people (1)

Dashiva Dan (1786136) | more than 3 years ago | (#31960584)

You mean you sent your full CC number out to the internet on an unsecure connection (google.com is not https,) to a service that makes search terms used viewable (well, not sure how they'd manage to pick your search term out, but it's probably possible)

Re:Looks bad... for 4 people (0, Offtopic)

mr_stinky_britches (926212) | more than 3 years ago | (#31959354)

Wow, talk about a misleading story. Oh well, it's hard to be surprised with /. anymore.

Offtopic, I know, but do any of you know of any sites better than slashdot? Or does (mostly) intelligent discussion just not exist on the internet..

Re:Looks bad... for 4 people (5, Funny)

Anonymous Coward | more than 3 years ago | (#31959366)

Offtopic, I know, but do any of you know of any sites better than slashdot? Or does (mostly) intelligent discussion just not exist on the internet..

You might try here [4chan.org]

Re:Looks bad... for 4 people (0, Flamebait)

Anonymous Coward | more than 3 years ago | (#31959886)

you should really try /b/ instead of /g/ :P

oops I just broke rule #1 and rule #2

Re:Looks bad... for 4 people (2, Insightful)

SnEptUne (1264814) | more than 4 years ago | (#31966534)

Wow, I didn't realize 4chan has a tech section. Thanks.

Re:Looks bad... for 4 people (1)

Monkeedude1212 (1560403) | more than 3 years ago | (#31959410)

You might want to go swing by Youtube, pretty much all the people who post comments there are so intelligent they are never wrong.

Re:Looks bad... for 4 people (1)

mwvdlee (775178) | more than 3 years ago | (#31959558)

Intelligent discussion does exist. You just have this repulsion field around you that ensures you are never involved when intelligent discussion takes place.

Re:Looks bad... for 4 people (1, Offtopic)

travdaddy (527149) | more than 3 years ago | (#31959694)

Yeah, check out the comments at CNN.com and Yahoo.com.

It's not intelligent discussion but it will make you appreciate Slashdot more.

Re:Looks bad... for 4 people (1)

WrongSizeGlass (838941) | more than 3 years ago | (#31959864)

Offtopic, I know, but do any of you know of any sites better than slashdot? Or does (mostly) intelligent discussion just not exist on the internet..

I'd have to say that intelligent discussion doesn't exist on the internet ... at least not anywhere I post. Hmm ...

Re:Looks bad... for 4 people (0)

Anonymous Coward | more than 3 years ago | (#31960396)

Ummm... yeah, but I'm not telling you about them. 1st rule and all.

Seriously, forums dedicated to specific devices, programs, whatever frequently have intelligent discussion in their "off-topic" boards, and tend to do pretty well at covering topics of interest to "typical" members. Find one where you fit in...

Re:Looks bad... for 4 people (3, Interesting)

blair1q (305137) | more than 3 years ago | (#31959576)

Which CC companies do this, so we can avoid them and let them rot?

If you use any of those "Disposable" card # (2, Informative)

ub3r n3u7r4l1st (1388939) | more than 3 years ago | (#31959726)

Most bank offer single-use or single-merchant "virtual" card number, which allow for only single use or for use within the same merchant. In the statement, it will show the name of the merchant, along with which "virtual" card number you used.

Even if you picked up one of these numbers, there is no use.

Re:If you use any of those "Disposable" card # (1)

blair1q (305137) | more than 3 years ago | (#31960058)

Well, sure, then. The number is good for one transaction. Exposing it is no problem at all. In fact, it's entirely the point of a one-time-use identifier. You can tattoo your old ones down your arm like Angelina Jolie's spawning coordinates.

Re:Looks bad... for 4 people (2, Informative)

natehoy (1608657) | more than 3 years ago | (#31960356)

There are two pieces of good news here.

1) Credit card companies only do this for "disposable" credit card numbers, which are usually only used for one transaction. No credit card company I've ever done business puts the full CC# of your master account on every line of your statement,

2) The REALLY good news is that such numbers only appear on your credit card statement,

So this information is relatively harmless, since most credit cards revealed this way would be invalid by the time they were revealed. Plus, of paramount importance here, the only way this information could possibly get out is if you gave your credit card account username and password to some strange website or something so they could see your credit card statement. And no one would be dumb enough to do that, right? I mean, that's insanity, giving out the username and password to your credit card accounts. Right? ummm, right?

Number of beta users: More than 5,000

Source: http://www.netbanker.com/2010/01/blippy_demonstrates_the_power_of_real-time_streaming_of_financial_transaction_data.html [netbanker.com]

Oh. Never mind. Some people are that stupid.

Re:Looks bad... for 4 people (1)

MaWeiTao (908546) | more than 3 years ago | (#31960370)

A better discussion would be what is Blippy really good for? I can see why I might like to browse other people's purchases once in a while, but why would I want to broadcast mine?

I know someone working at a company developing something very similar to this. To this day I'm having trouble figuring out where the value in this is. Why would people want to share what they're buying? And why would anyone else care?

I suppose there's value in this when shopping for deals or encouraging someone to get something. But that can already be accomplished a million other ways, the most basic being personally talking to the individual and actually showing them the product in question. As for shopping for deals, that's a very fluid thing and something I can better accomplish by just going on Amazon or Google and finding the deals for myself.

I personally think we're seeing the beginnings of another dot.com bubble. The prospect of making a lot of money for minimal up front investment is just too appealing. The big difference is that this time around the development is usually outsourced and often managed by people who don't really understand the technology. So it's not surprising that the people running Blippy would not have noticed such a glaring problem.

Why to broadcast your purchases: Reputation (1)

tlambert (566799) | more than 3 years ago | (#31960404)

Why to broadcast your purchases: Reputation

I'm not going to defend this as a good or a bad idea, but by having a separate authoritative channel, they've basically made it possible to verify that someone who posts a review of a product actually owns the product, rather than just being a troll or a shill.

This effectively addresses head on the recent issues that "Yelp" has had in terms of offering paid advertising, using predatory or unethical sales practices, and so on. This is akin to using the getpeername/gethostbyaddr/gethostbyname verification that most SMTP servers do these days to verify that the ARIN IP address delegation agrees with the DNS delegation. By having two independent authorities to provide a countercheck, spoofing your gethostbyaddr doesn't get you anywhere because they can verify that you are really coming from one of the machines you say you are coming from.

Like I said, I don't know if it's a good idea. It's probably not even technically social networking. But it could have a useful application.

-- Terry

Re:Why to broadcast your purchases: Reputation (1)

KDR_11k (778916) | more than 4 years ago | (#31965786)

I'm not going to defend this as a good or a bad idea, but by having a separate authoritative channel, they've basically made it possible to verify that someone who posts a review of a product actually owns the product, rather than just being a troll or a shill.

Could work in the other direction too, making people think you didn't buy something just because you paid in cash.

Clearly Google is to blame! (1)

Kenja (541830) | more than 3 years ago | (#31959398)

Or does the "normal" logic not get applied this time?

Re:Clearly Google is to blame! (1)

Intron (870560) | more than 3 years ago | (#31959570)

Normal logic? You mean "shoot the messenger"?

Re:Clearly Google is to blame! (2, Funny)

natehoy (1608657) | more than 3 years ago | (#31959822)

Well, duh! He's right there when I got the news! What in the hell would you expect me to do? Go out and find who actually did it and shoot THEM?

Geez, if I had that kind of patience I'd probably lose my American citizenship. Plus then I probably wouldn't be allowed to have a gun so I could shoot someone.

Re:Clearly Google is to blame! (2, Funny)

WrongSizeGlass (838941) | more than 3 years ago | (#31959884)

Normal logic? You mean "shoot the messenger"?

Google doesn't have a "messenger", that's MS & Yahoo you're thinking of. You must mean "shoot the search engine" ;-)

Re:Clearly Google is to blame! (0)

Anonymous Coward | more than 3 years ago | (#31959946)

Google doesn't have a "messenger", that's MS & Yahoo you're thinking of. You must mean "shoot the search engine" ;-)

Yes it does [google.com] .

Re:Clearly Google is to blame! (0)

Anonymous Coward | more than 3 years ago | (#31960332)

[Foghorn Leghorn] 'Whoosh', I say 'Whoosh'. That thar's a joke, son. [/Foghorn Leghorn]

Re:Clearly Google is to blame! (0)

Anonymous Coward | more than 4 years ago | (#31964834)

"thar" is ignorant Tennessee rural. Foghorn is patrician Georgia Southern gentleman.

"Ah say there, son, that would be Whoosh! Whoosh, I say."

Hear the difference?

Why doesn't Google apply a global filter for CC#s? (2, Interesting)

Xoc-S (645831) | more than 4 years ago | (#31965942)

All CC numbers have a particular pattern, and there is even a check digit [wikipedia.org] . Why doesn't Google provide a global filter in their search index so that any keyword that matches a credit card number is not indexed? And pages with CC numbers not cached, or blanked in the cache?

Sites such as bulletin boards frequently get somebody being stupid and posting their credit card number. The mods fix it, but the Google spider gets there first.

Already Resolved, people should think next time... (2, Insightful)

ProdigyPuNk (614140) | more than 3 years ago | (#31959458)

This issue seems to be resolved already. Maybe this incident was a Good Think (TM). People need to be aware that what they put on social media sites can come back to bite them. Most people shouldn't be putting near the amount of information on the sites as they already do, without even mentioning credit card numbers and recent purchases. If it takes a few people's credit history to make the point to a wider audience, maybe this sort of thing should happen more often...

Re:Already Resolved, people should think next time (1)

em0te (807074) | more than 4 years ago | (#31964864)

Google still has the cache of them as of 1:24 AM "card site:google.com"

In other news (0)

Anonymous Coward | more than 3 years ago | (#31959466)

Everyone should have single sign on!

Nothing to hide (5, Funny)

Sir Holo (531007) | more than 3 years ago | (#31959508)

If you have nothing to hide, then why not?

/sarcasm (see NYT article) [nytimes.com]

Re:Nothing to hide (1)

MBCook (132727) | more than 3 years ago | (#31959920)

Glenn Beck posts on Slashdot?

Don't test with customer data (2, Insightful)

mwvdlee (775178) | more than 3 years ago | (#31959512)

Every idiot knows this; you don't test with customer private data.
You may randomize/one-way-scramble the real data to anonimize it, but you never, ever use the actual data for tests.

Re:Don't test with customer data (1)

AcousticYorick (1787308) | more than 3 years ago | (#31959742)

...real data to anonimize it...

There is a similar word in the English language: Anonymize [reference.com] .

"Repulsion field [slashdot.org] ," indeed.

Re:Don't test with customer data (0)

Anonymous Coward | more than 3 years ago | (#31959748)

Of course you test with real data. How else can you be sure that your system works correctly in a real-world environment? You just do it in a closed off environment that is identical or near-identical to real-world conditions. Which is sort of (but not entirely) what they did, apparently, since only beta testers were affected.

Re:Don't test with customer data (1)

mweather (1089505) | more than 3 years ago | (#31959874)

Why not test with data that is identical or near-identical to read-world data?

Re:Don't test with customer data (1, Informative)

Anonymous Coward | more than 3 years ago | (#31960400)

Actually you do NOT test with real data. I work in the processing industry. Card issuing companies have designated card numbers for testing. They are not generally published but even if they were used they would not work on a production system.

Additionally, all processors we have worked with have production and testing systems so when you test, not only are you using a test card number, you are also using a test processing system.

Beta testing in this case should NOT have included this problem. The card processing should have been tested apart from whatever a client "beta-tester" would need to play with. This is either the result of someone who is lazy or incompetent, period.

Re:Don't test with customer data (1)

coolgeek (140561) | more than 3 years ago | (#31960682)

You're missing the point altogether. Any entrepreneur with any reasonable experience knows that retention of anything but the last 4 digits of a card number puts you on the wrong side of PCI compliance. These guys are obviously a bunch of amateurs and should not be trusted.

Re:Don't test with customer data (1, Informative)

Anonymous Coward | more than 4 years ago | (#31965016)

This is, quite simply, not true. If you doubt me, please check http://www.pcicomplianceguide.org/pcifaqs.php#19 [pcicomplianceguide.org] . Retention of the full credit card number is allowed so long as certain safeguards are in place. The rule about last four is primarily guidance about what should be printed on a receipt.

Re:Don't test with customer data (0)

Anonymous Coward | more than 4 years ago | (#31965790)

I'm certain they did that for the technical testing but when you offer a social service and want to see how people use it you have to use real data, otherwise what's the benefit to sign up as a beta tester? It's also really annoying to see a comment like "every idiot knows this" followed by a flawed argument...

FAIL!!! (1, Funny)

oldhack (1037484) | more than 3 years ago | (#31959538)

God, this twit talk is growing on me. Cracks me up.

In even more shocking news... (2, Interesting)

Anonymous Coward | more than 3 years ago | (#31959622)

Blippy exposed as existing.

Are these guys f-cked? (3, Funny)

Anonymous Coward | more than 3 years ago | (#31959652)

I wonder if this company is F-cked. If there was only a web site that would tell me that...

Re:Are these guys f-cked? (4, Informative)

jonbryce (703250) | more than 3 years ago | (#31959932)

And for those who don't get the joke, Philip Kaplan, the founder of this site, previously had a site called fuckedcompany.com which charted the demise of dot.com and other companies following the collapse of the internet bubble at the beginning of the century. A f*ckup of this proportion would have probably earned about 60 points out of a total of 100. You get 100 points for bankruptcy proceedings.

Why would I WANT this? (4, Insightful)

nweaver (113078) | more than 3 years ago | (#31959678)

Who cares about revealing credit card numbers. The bigger question is, why would I want to deal with a business or "social media" site which snitches all my transactions from the businesses, and (i'm presuming) somehow makes them public?

And WTF are the businesses giving the full credit card number to the social media site at all? That just seems, umm, stupid?

Re:Why would I WANT this? (4, Insightful)

natehoy (1608657) | more than 3 years ago | (#31960040)

Some people are just exhibitionists. "Oooh! Look at me! I just bought a new XYZ phone!" and having that information fed to a social media site automatically means they have more time to, you know, buy more crap.

As far as the credit card information, it all depends on who is feeding it. According to several articles on the subject, users give Blippy access to their credit card accounts (as in, access to log in to their credit card web site), and Blippy extracts the data it wants from your actual credit card transactions. If you use "temporary" credit card numbers like I do, then quite often the transaction will show up as (for example) "AMAZON.COM CARD#9999-9999-9999-9999". If Blippy is actually getting that data, then it's your credit card company that's revealing the data, not Blippy. If you signed up with Amazon, then you'll probably just get a list of items and it's unlikely a credit card will show through.

So, the actual credit cards revealed were probably "disposable" numbers that were likely useless by the time they were revealed. However, that does lead to a different point. Who in the hell is giving Blippy their logins for their credit card accounts, or their merchant accounts? I mean, c'mon, really, we're well into April, it's nowhere near the first. Is this some form of sick stupid joke?

Of course, if one were to, say, GIVE THEIR GODDAMNED CREDIT CARD OR MERCHANT LOGIN INFORMATION TO A GODDAMNED BUNCH OF STRANGERS, then their concept of "security" differs too greatly from mine for us to have a coherent conversation on the matter.

Re:Why would I WANT this? (0)

Anonymous Coward | more than 3 years ago | (#31960204)

Strangers? You mean like the guys at Paypal, or Amazon.com, or the random waitress at your local restaurant, the cashier at your grocery store? Or do you know all these people intimately?

Re:Why would I WANT this? (2, Insightful)

maken (12497) | more than 3 years ago | (#31960288)

If you dont give your CC# "TO A GODDAMNED BUNCH OF STRANGERS" then how do you buy anything?

Re:Why would I WANT this? (1)

natehoy (1608657) | more than 3 years ago | (#31960392)

Sorry, bad wording, allow me to clarify.

"GIVE THEIR GODDAMNED CREDIT CARD LOGIN INFORMATION OR THEIR GODDAMNED MERCHANT LOGIN INFORMATION."

I'll gladly hand you my credit card to buy something from you, but I will not write down the credentials to log in to my credit card company's website and administer my card. Yet, that's what Blippy asks people to do, and that's what they do.

Re:Why would I WANT this? (1)

Lord Maud'Dib (611577) | more than 4 years ago | (#31965034)

You may have heard of this item called cash. Yeah, it works a bit like credit cards.

Re:Why would I WANT this? (1)

fm6 (162816) | more than 3 years ago | (#31960122)

Somebody had the bright idea that people would want every purchase they ever made available to their friends. Like you, I consider this idea demented, though it wouldn't surprise me if there were a lot of people who would find it kind of cool. Consider some of the other stuff you see online that once would have been totally private.

As for your WTF: this sort of thing has been going on for years. They do it because it's an extra revenue stream.

Re:Why would I WANT this? (2, Interesting)

rudy_wayne (414635) | more than 3 years ago | (#31960406)

Somebody had the bright idea that people would want every purchase they ever made available to their friends. Like you, I consider this idea demented, though it wouldn't surprise me if there were a lot of people who would find it kind of cool.

The idea behind Blippy, as best as I can figure, is that your friends can see all the cool stuff you buy and then leave comments telling you how cool you are. However, if you look at Blippy, what you actually see is an endless list of Taco Bell, Wendys, Exxon, Trader Joes and other mundane purchases. The truth is, the average person doesn't buy a lot of cool stuff.

What is more amazing than the existence of Blippy, is the fact that Blippy has obtained more than $12 million in VC money, despite the fact that they currently have no way of generating any revenue. It's almost like the dotcom bust of 10 years ago never happened.

Re:Why would I WANT this? (1)

Fnkmaster (89084) | more than 3 years ago | (#31960796)

I mean, either you buy a lot of boring shit, in which case nobody cares. Or you spend lots of fucking money on cool shit, in which case sharing it with the world is utterly obnoxious - nobody wants you to rub their face in how rich you are.

I don't get it. Then again, I'm one of those people who never really got the point of Twitter either.

Re:Why would I WANT this? (1)

Coopjust (872796) | more than 3 years ago | (#31961164)

You'd have to be insane to give money to this site. They are holding back account logins so they can scrape the transactions on debit cards. They have no income.

High libaility - any way of making money = VC Gold, apparently.

My guess is they're pitching something like the sponsored tweets. Where vendors can make their store or brands can make their brand/product purchases have some extra notice.

Re:Why would I WANT this? (1)

radish (98371) | more than 4 years ago | (#31962786)

Sure they have a way of generating revenue - they have all their user's CC and bank login details!

Blippy Idea? Market Research. (0)

Anonymous Coward | more than 4 years ago | (#31962840)

That's the idea that's sold to the public.

Blippy's real idea? Direct marketing tied to an individual.

"We may engage certain trusted third parties to perform functions and provide services to us, including, without limitation, hosting and maintenance, customer relationship, database storage and management, and direct marketing campaigns. We will share your personally identifiable information with these third parties, but only to the extent necessary to perform these functions and provide such services, and only pursuant to binding contractual obligations requiring such third parties to maintain the privacy and security of your data."

Yeah, that's right, that cool new "social networking" bullshit is the same thing as signing up to receive a f*cking catalog only with a more personal twist. It's the same as when Radio Shack, etc. asked you for your phone number and home address, just a little more detailed.

God knows, I'm not being sold to enough, sign me up for more!

Re:Why would I WANT this? (1)

Firehed (942385) | more than 4 years ago | (#31963774)

Blippy has tons of ways of generating revenue - they're just (consciously) not using them yet. When you have $12mm of runway to work with, you're better off building new features and getting more customers instead of spending your limited engineering resources on generating revenue. That's not universally the case, but when your revenue streams are going to rely on having a massive customer base, it makes sense to spend your VC money on getting customers for as long as that's sustainable.

Re:Why would I WANT this? (0)

Anonymous Coward | more than 3 years ago | (#31960296)

I want to know if I buy that Sex Toy I've been eying for some time, weather I can share that purchase with everybody online ? I will need someone to come along and sterilize my "post"ing before I comment on it.

Re:Why would I WANT this? (1)

Jawn98685 (687784) | more than 3 years ago | (#31960542)

Dude! Because it's so kewl, and besides, all your friends are there too.
/lawn

Virtual Credit Card Numbers (2, Informative)

hedley (8715) | more than 3 years ago | (#31959754)

Use them. Don't *ever* use a 2yr+ plastic #!

Citibank has this feature, other cards must nowadays also.

Re:Virtual Credit Card Numbers (2, Informative)

NerdyLove (1133693) | more than 3 years ago | (#31959898)

Anybody with a paypal account can do this as well. It is in the Paypal Toolbar section, but you don't actually need the toolbar to be installed to generate them.

Re:Virtual Credit Card Numbers (0)

Anonymous Coward | more than 4 years ago | (#31985792)

Ironically, as other people have noted, this is probably what caused the credit card number leak in the first place. When you use these one-time credit card numbers, your statement has the full number on the service line with the merchant name, which Blippy was unaware of.

Philip Kaplan? (2, Informative)

rekoil (168689) | more than 3 years ago | (#31959858)

The same Philip Kaplan that ran F*ckedcompany.com?

Re:Philip Kaplan? (1)

drewzhrodague (606182) | more than 3 years ago | (#31959902)

That was my thoughts. And mobog, and a few other experiments. Glad to see the guy still kicking, if it is the same Phil.

Re:Philip Kaplan? (0)

Anonymous Coward | more than 3 years ago | (#31961154)

yep - same guy, you'll find him here on FB http://www.facebook.com/pud

Re:http://www.facebook.com/pud (0)

Anonymous Coward | more than 3 years ago | (#31961334)

Do you want me to click that link? Or pull it?

Re:Philip Kaplan? (0)

Anonymous Coward | more than 3 years ago | (#31961894)

I'm thinking it's not Philip J. Kaplan. Just a suspicion, given how a project like this could go paws up over something... like this. Doesn't really seem like his style, given his previous body of work.

Re:Philip Kaplan? (1)

Sparky McGruff (747313) | more than 4 years ago | (#31969404)

No, it's "Pud" from F-d company. Pull the wiki page on Blippy [wikipedia.org] , and it points to Pud's page [wikipedia.org] , complete with a photo with him wearing a "I'd rather be masturbating" t-shirt. Sure, I'll trust my credit card numbers to Pud. No problem.

Blippy? (0)

Anonymous Coward | more than 3 years ago | (#31959870)

Is he related to Clippy, the paper clip we all know and love? Hey, what are you doing %^$%^$%^$% NO CARRIER

Tying your credit card # to a social media site... (1)

edelbrp (62429) | more than 3 years ago | (#31959894)

sounds like a real baaad idea to me.

Blippy and social media (2, Interesting)

wsuschmitt (1144069) | more than 3 years ago | (#31959960)

Users of Blippy want people to know about what they are buying... one more step towards having your entire life open to the world.

This brings up a point that needs to be looked in to a bit further as our personal information becomes digitized: at what point do you just let go of trying to hide personal numbers (such as credit card and social security) and make them as public as possible and force the system to make sure that YOUR numbers are really your numbers? Honestly, if the banking systems that we use for credit transactions notified me EVERY TIME that my SS# went through their systems , then I would know when it is being used and wouldn't worry so much about someone "stealing" my identity. It's a 9 digit number that will NEVER be reissued as long as I live; credit card numbers are 16 digits long and are 'throw-away'. As soon as the systems are in place that link me directly to my SS, I won't be worrying about trying to hide these numbers.

I'll be worrying about Big Brother watching my every move...

That's the nature of the internet (2, Insightful)

HalAtWork (926717) | more than 3 years ago | (#31959966)

It just goes to show that if you put information somewhere online, anywhere, it's as good as writing it on bits of confetti and throwing it to the wind. Some will land in mud or in the grass, bushes and trees and be obscured, others may land in the garbage and be ignored or thrown out, but if anyone wants to look hard enough, they'll be able to find it, and some may even come across it without any pretense or forethought. Computers can help people, especially by aggregating large amounts of data, and the more data you put in, the greater the benefit can be to streamlining things for you and helping you discover the best opportunities. But that can also be turned against them since the data is somehow somewhere available.

Google has censored results (0)

Anonymous Coward | more than 3 years ago | (#31960020)

Now google has censored the results but you can still find more data by using a slightly different search term.

site:blippy.com +"CARD#"

Google, if you got nothing to hide, why hide it, right?

Blippy article on NY Times (4, Informative)

yuna49 (905461) | more than 3 years ago | (#31960026)

Coincidentally, the Times is running a a story today [nytimes.com] about this new generation of "social" media sites like Blippy. Not only does Blippy want to compile a list of your purchases, they'd like to read your e-mail, too, if you don't mind. From the article:

The spirit of sharing has already run into some roadblocks. Amazon.com was so wary of the security ramifications of Blippy's idea of letting consumers post everything they bought that, for several months, it blocked the site from allowing people to publish their Amazon purchases.

In March, Blippy sidestepped Amazon by asking its customers for access to their Gmail accounts, and then took the purchase data from the receipts Amazon had e-mailed them. Blippy says thousands of its users have supplied the keys to their e-mail accounts; Amazon declined to comment.

Sigh....

Re:Blippy article on NY Times (3, Insightful)

TooMuchToDo (882796) | more than 3 years ago | (#31960166)

You can't fix stupid. +1 to Amazon for trying though.

Re:Blippy article on NY Times (1)

Coopjust (872796) | more than 3 years ago | (#31961192)

Blippy: Give your bank, credit card, and email logins to us, and we'll tell your friends what you bought. Hopefully we don't lose any of that info! Seriously, I wouldn't touch the site with a ten foot pole.

Bloopsy Daisy (1)

Bob_Who (926234) | more than 3 years ago | (#31960158)

Blippy blew big bloopers before the bankruptcy blues...

Re:Bloopsy Daisy (0)

Anonymous Coward | more than 3 years ago | (#31960284)

Bob Basler?

http://blogs.reuters.com/oddly-enough/ [reuters.com]

Your comment read just about as clever as stuff he posts.

Re:Bloopsy Daisy (1)

Bob_Who (926234) | more than 4 years ago | (#31965886)

....depends on a credit score and cash limit. I mean, er, um, Bob O Matic.

Why do I need to be private anyway? (1)

GovCheese (1062648) | more than 3 years ago | (#31960430)

There's an incoming generation (and here I'm thinking of kids just entering their teens) who may not buy into the same privacy fears you and I might share. "Why bother with privacy," they think. "Why do I need to be private?" I'm not sure if the change in philosophy is a generational shift to accomodate a wholly different social culture, or if, darkly, it represents an entire generation mindswiped by consumer overlords. Either way, it's troubling.

Re:Why do I need to be private anyway? (1)

turbotroll (1378271) | more than 4 years ago | (#31967918)

There's an incoming generation (and here I'm thinking of kids just entering their teens) who may not buy into the same privacy fears you and I might share. "Why bother with privacy," they think. "Why do I need to be private?" I'm not sure if the change in philosophy is a generational shift to accomodate a wholly different social culture, or if, darkly, it represents an entire generation mindswiped by consumer overlords.

Probably the latter.

Either way, it's troubling.

Indeed so.

What a bright future! (1)

OrwellianLurker (1739950) | more than 3 years ago | (#31960808)

Can't wait until I am treated with suspicion for wanting to protect my privacy. I hate my generation.

Not just blippy (1)

ZeBam.com (1790466) | more than 3 years ago | (#31961900)

Try this:

1) Pull a credit card out of your wallet and look at the 16 digit number with format "wwww xxxx yyyy zzzz"
2) Google the first two groups together in double quotes like this "wwww xxxx"
3) ???
4) Profit!

Re:Not just blippy (1)

ZeBam.com (1790466) | more than 3 years ago | (#31961920)

Actually, it should be:

"wwww xxxx" "card#"

Re:Not just blippy (1)

Firehed (942385) | more than 4 years ago | (#31963816)

Or just write a loop that runs a Luhn check against a sequence of numbers. About one in eight or so numbers in the sequence will pass as being a "valid" card number - but to run charges against it, you still need some additional data like a billing ZIP code at the very least

Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...