SciTechBlog
April 27, 2010

Blippy is more popular after security lapse

Posted: 08:45 AM ET

Maybe all press is good press?

When reports surfaced that the young website Blippy had accidentally leaked the credit card numbers of five of its users online, some tech writers speculated that the startup would not be able to bounce back from the bad PR.

But the website's numbers tell a different story, according to the company's CEO, Ashvin Kumar.

Blippy - a Twitter-style website where people share details about their credit card purchases - had more users on Monday than it did on Friday morning before news of the security mishap hit, Blippy CEO Ashvin Kumar said in a phone interview on Monday.

Kumar declined to cite specific figures, but said some people have left the site because of its security issues; meanwhile, others have joined, ostensibly because of press surrounding the incident, or because of a front page story in the New York Times on Friday morning, which was published before the security troubles came to light, he said.

"We’re certainly net positive, meaning the number of users that signed up was greater than the number who deleted their accounts," he said by phone.

Kumar said Blippy is taking the security breach seriously.

"This is like the worst thing that could happen to us," he said. "This is very bad for us."

He added: "The safety and the security of our users is our number one priority every day. Every day we come to work just obsessing over how to build a better experience for our users, and the security of our users is the most important part of that."

Blippy has been in contact with eight people who may have had sensitive financial information posted in Google search results though Blippy, Kumar said. As of 7 p.m. ET on Monday, Kumar said he was not aware of any affected users who had experienced theft because of the postings.

He also said Blippy's funding was not affected by the security incident. On Friday, the New York Times reported the company recently received an $11 million investment.

Check out this previous blog post for details on new security measures Blippy is implementing.

Filed under: Blippy • Security


Share this on:
April 26, 2010

Can Blippy rebound after spilling credit card numbers?

Posted: 07:14 PM ET

Blippy wants to get your trust back - but is it too late?

After an incident last week in which at least five Blippy users' credit card numbers were made public "due to a technical oversight," the website's CEO said Monday that he is enacting security measures to keep that from happening again.

Blippy CEO Ashvin Kumar writes in a blog post that he expressed "sincere remorse" to eight of the site's users whose sensitive information may have been compromised.

He plans to keep that from happening again; he says Blippy will:

1. Hire a chief security officer and associated staff that will focus solely on issues relating to information security.
2. Have regular 3rd-party infrastructure & application security audits.
3. Continue to invest in systems to aggressively filter out sensitive information.
4. Control caching of information in search engines.
5. Create a security and privacy center that contains information about what we are doing to protect you.

Kumar's post asks users with security concerns to e-mail suggestions to hello@blippy.com. "We will personally respond to each and every recommendation," he writes.

Blippy is a Twitter-like service that lets people post online about what they're buying. Users can hook up certain credit cards to Blippy.com, and each time they make a purchase, the site will inform the person's followers about what they bought and how much it the person paid for it.

For a half-day in February, the site posted raw data about these purchases, which, in some instances, contained sensitive information like credit card numbers or airline confirmation numbers, the blog post says.

When Blippy noticed the error, it tried to remove the sensitive raw data, but some of it remained in Google's search results until it was discovered Friday by the tech site VentureBeat, the blog says.

Kumar writes that some Blippy users have been deleting credit card information and entire accounts from the site in the wake of the security incident. He did not say how many people have left the site but apologized for the fact that some of the removal requests were not acted on because of the frenzy surrounding the security incident.

He apologized to people who use the site.

"They trusted us with their information, and we are truly disappointed to have let them down," he writes. "While these users reflect a tiny sliver of our user base, any number greater than zero is deeply unacceptable to us. We’ve built Blippy — and will continue to build Blippy — on the foundation of our community and the trust they place in us to create a safe, secure, and fun experience to share purchases."

Since Blippy relies on users handing over financial information to the site, trust is a key component of Blippy's business.

So the real question is this: In light of the security mishap and this response, would you trust Blippy with your credit card info?

Posted by:
Filed under: Blippy • Security


Share this on:

subscribe RSS Icon
About this blog

Are you a gadgethead? Do you spend hours a day online? Or are you just curious about how technology impacts your life? In this digital age, it's increasingly important to be fluent, or at least familiar, with the big tech trends. From gadgets to Google, smartphones to social media, this blog will help keep you informed.

subscribe RSS Icon
twitter
Powered by WordPress.com VIP