USA   |   UK   |   Australia   |   Canada
ADVERTISEMENT

Blippy's blooper: Social networking site leaks consumers' card data

Goof rekindles debate over how much private data should be public

By Brad Allen

Blippy, a social networking site, was too gregarious with some of its users' financial data, revealing credit and debit card numbers of eight individuals on the Google search engine.

Blippy has apologized, but the incident rekindled a debate over the role of privacy on the Web.

Websites can offer opportunities to ID thievesBlippy.com, which bills itself as "a fun and easy way to see and discuss what everyone is buying" allows members to register their credit and debit cards as well as  accounts on sites such as iTunes and Netflix. The site tracks and reports to other members of the site where they shopped, what they bought and how much they spent. Members can decide how much information they want to share each time or they can have all their transactions automatically reported.

Late on April 23, online news sites reported that some Blippy members' credit and debit card numbers were available via a simple Google search. That led to a weekend scramble to plug the leak.  In a blog, Blippy CEO and co-founder Ashvin Kumar admitted to "technical lapses" that allowed the sensitive information to get out and sit on Google's site for the previous three months. While the compromised data covered only about half a day's worth of transactions and affected a total of eight members, Blippy had Google scrub all Blippy-related snippets, about 20,000 pages. 

The site issued a five-point plan to beef up security and reported that the firm will work with the affected users "to assist them in resolving any issues that may arise out of this unfortunate situation."

Privacy debate rekindled
Case closed? Not exactly. Consumer advocates used the case as an opportunity to urge caution in revealing information about your credit card use.

"It's a remarkably bad idea to tell the general public where you are using your credit card," said Gail Hillebrand, senior attorney at the Consumers Union defendyourdollars.org project. "You're buying yourself a headache by exposing credit card usage."

Credit card companies use fraud monitoring procedures based on your normal pattern of spending, Hillebrand pointed out. Allowing a "fraudster" to track your spending habits could arm them with enough information to figure out ways to slip by the fraud monitoring system, she warned. 

She also pointed out that debit cards can create more complex issues if compromised. With a credit card, "you haven't paid yet," and have the chance to dispute charges when your bill arrives. But with a debit card, the money is taken, quickly and directly, out of your account. "You're missing dollars. Now, the rent check is bouncing."

In reality, the financial risk is small, since most banks have zero-liability policies that cover fraudulent activity for both debit cards and credit cards. But even so, it can still be a big headache for victims, who may need to get a new credit card as a result.

Credit card transactions are a gold mine for cross-marketing. It gives marketers so much information on what your shopping patterns are. Why would you voluntarily give that up?

-- Chi Chi Wu
National Consumer Law Center

Card data 'a gold mine'
"Credit card transactions are a gold mine for cross-marketing. It gives marketers so much information on what your shopping patterns are. Why would you voluntarily give that up?" asked Chi Chi Wu, staff attorney at the National Consumer Law Center.

"We have all these advocacy fights trying to help people keep their information private and personal," she said, pointing out that really personal information shows up on credit cards -- including doctor visits, cell phone service providers and life insurance payments.

"These people are voluntarily giving it up.  I'm just so perplexed by that."

Nonetheless, Wu said that if their credit or debit card information compromised by such a social networking site, "they have rights under credit card law."

In a post on Blippy's blog, co-founder Kumar said, "We are very sorry ... This is a very serious issue and simply apologizing is not enough. We've spent the last 48 hours working around the clock to dissect the issues, reach out to affected users, and put together a plan to ensure this never happens again."

What to do
What should you do if you suspect your credit card number may inadvertently be out over the Web?

Monitor your credit card statements and bank statements. It could be several months before fraudulent activity hits your account.  You may also consider putting a credit freeze on your account, which will prevent anyone from opening a new account in your name (but will not prevent fraudulent charges on your existing account). If you find that your card has been compromised, it's time to get a new one.

Check with the vendor responsible for allowing your information to leak to see if they will pay for the credit freeze or for issuing a new card. Often, issuing banks will charge the company that corrupted the credit card information to pick up the cost of issuing a new card, Wu said.

See related: Affluent are more often victims of ID theft, report shows, 10 ways to protect yourself from data breaches, Must-know ID theft terms

Published: April 26, 2010


If you are commenting using a Facebook account, your profile information may be displayed with your comment depending on your privacy settings. By leaving the 'Post to Facebook' box selected, your comment will be published to your Facebook profile in addition to the space below.

Three most recent Legal, regulatory, privacy issues stories:

Share This Story




Follow Us!


Credit Card Rate Report

Updated: 07-24-2014

National Average 15.03%
Low Interest 10.37%
Balance Transfer 12.64%
Business 12.80%
Student 13.27%
Cash Back 14.91%
Reward 15.00%
Airline 15.46%
Bad Credit 22.73%
Instant Approval 28.00%

ADVERTISEMENT
ADVERTISEMENT