Blippy, a service that lets you share your purchases with others, was just called out by Mashable for exposing its users’ credit card numbers to a search engine. Since Mashable is widely-read, I start hearing from all over that Blippy released all of its users’ credit card numbers to the world, and since that’s a pretty epic failure, I go to check it out.
I’ve never used Blippy, but after two minutes of digging, it’s obvious that the story’s completely overblown. Every credit card number indexed by Google was in a paragraph beginning with “The purchase appears on your statement as:”, followed by the actual text of the line entry from the statement. It looks like Blippy has a feature that lets you automatically import your credit card statements, but didn’t realize that in rare cases, certain banks put the full credit card number in the description of the transaction. The vast majority of Blippy users have nothing to worry about – this is an unfortunate and embarrassing corner case, which a little regex could’ve caught, but it’s not the ‘OMG EVERYONE’S CC # WAS LEAKED!!!1!’ disaster Mashable’s making it out to be.
Stories like this are why I hate the tech ‘press’. Like a fifty-foot toddler, all they do is stumble around, make a lot of noise, and shit all over everything. Not one in ten of them knows enough about technology to properly evaluate whatever they happen to bump into, and the traffic they drive from their sites to your startup is ephemeral and useless. It’s gotten to the point where when I read an ‘expose’ of Company X, I think ‘poor Company X – I wonder how that blogger screwed them over, and how much time they’re going to have to waste on this.’ Today, I’m feeling sorry for Blippy.
UPDATE: Blippy’s official response. Yep, I was right.
{ 9 comments… read them below or add one }
I hear you man, but this is a pretty big fuckup. Even if Mashable had written the story correctly (“Blippy Exposes 4 Users’ CC#s to the world”) it would have been real bad for them … Not that it makes it okay, but lazy journalists are an inevitability and this was not a completely unfounded story.
The Mashable story is correct — users’ credit card data was exposed to search engines. Your point is that because only a small number of users were affected, the story shouldn’t be reported on? I think exposing any credit card numbers to Google would seem to be an issue, especially for a company that’s so heavily reliant on the trust of its users.
Additionally, Mashable wrote a followup story explaining how the data was made public, linked to from the top of the original post. That post includes Blippy’s full response and the number of users affected. Seems to me the reporting is very fair.
Add Twitterati like Scoble to the fifty-foot toddler list.
Greg, thanks for the blog post.
I definitely understand your issues with the tech press in general, and understand what you’re complaining about. Mashable tries its best to get the facts straight and to correct them or follow-up with more information when we don’t. We have to balance that with getting articles out at lightning speed though, as the real-time web is a cruel mistress. Given that, I think we had strong coverage of the Blippy story, but we can always do better.
As the Co-Editor of Mashable, it’s my job to oversee the direction of our coverage. To that end, I will keep a keen eye on our coverage so that we are reporting the facts as quickly and accurately as possible. In addition, our team works every day with industry leaders to broaden and deepen their knowledge of the issues, and I will continue to promote that philosophy at Mashable.
Feel free to drop me an email at ben@mashable.com whenever you feel like we’re not achieving the quality that you and the rest of our readership deserve.
Thanks again,
- Ben, Co-Editor
The issues you discuss are rampant. Mashable is one of the worst, and they are consistent in this cause, but they are not alone. It would require a full-time staff on a unique site to right the wrongs such as these.
The way to win is to be differentiated, and fight for quality. Those that do the right things in this business should be rewarded, and we need to find a way to highlight them as often as we highlight those who don’t deserve the visibility.
Funny, but this is a pretty big stuff-up. I don’t think the “press” is overdoing it. In actual fact I think it deserves more attention than it’s getting. Who would trust Blippy if even just *one* cc number leaks into search?
Sorry, but in an industry where paying $5000 for stolen goods counts as journalism, I have to call the merely inaccurate sites like Mashable “the good guys”.
Pete, I’m not suggesting that this wasn’t worth reporting on. It was, like Noah says, a fuckup. But the damage you can do to a startup with a single story makes this worth reporting correctly.
Just a little bit of investigating prior to publishing would’ve revealed that only a tiny number of people were affected in a corner case. Not good, but not really deserving of yesterday’s reaction.
Oh boy, you are so correct. I once worked for an Internet startup that unwisely developed their product in *total* stealth mode (even used the temporary company name Birdshell to hide what it was doing).
Which meant their public rollout had to be *perfect*.
There were three ways of accessing the service; you could type netword/[word or phrase you're looking for] and the browsers of the period would Do The Right Thing, you could of course use our the home page, or you could download and install a program.
I don’t know if our marketing guy messed up or what, but *every* press report obsessed on the download and dismissed the company’s prospects based on that. And epic fail for all concerned (although ultimately our new devil investors were in the process of killing the company anyway; when they soon after turned away KPCB who had cold called us in the first and only conference call (integration into Netscape would have made a big difference) it was clearly all over…).