
Really???

I'm not really sure what you're referring to. I haven't assumed anything; publishing credit card numbers is about the worst thing you can do when dealing with people's financial credentials. Maybe you don't think it's a big deal, but I'm sure you're not one of the people whose card information was being plastered on the internet.

Additionally, I don't think I was being sensationalist - when this posting first went up there was no apology, just a long explanation of why this wasn't a big deal.

I wasn't being moralistic, made no demands, nor did I exaggerate anything.

I've been here just as long as you have (longer, actually; but who's counting, right?) so you can save the Reddit comments.




Did you read their response?

They published the "DESCRIPTION". They did not know that sometimes banks put full credit card numbers in that field.

Personally, I'd be angry at the banks for doing something so stupid. Do you think your bank should ever give out your credit card number in such a stupid way?

>> "publishing credit card numbers is about the worst thing you can do when dealing with people's financial credentials."

True enough. But that's not the full story of what happened. They published the transaction description as given to them by the bank.

FWIW, I have never used their service, and have no ulterior motive to defend them. I just hate over-reactionary mob mentality at work.


I read their response. Their response is precisely why this is a big deal. They should have known that credit card numbers might have been in the description field - anyone who deals with bank feeds with any regularity would know that.

Banks and merchants have been doing stupid things for decades; but what they haven't been doing is publishing those details for all to see.

One would hope that Blippy had done some due diligence and had some concepts about the kind of data they'd be dealing with when they decided to take transaction feeds and publish them. They've clearly figured that out now.

My point was that it didn't seem like they were treating this as something truly serious.

It's not the bank's fault because that wasn't meant to be public information when they built their system. It wasn't the consumer's fault (any more than signing up for a questionable service) because they aren't supposed to know the details of what's inside a transaction feed. By default, it's Blippy's fault because they should have known better.

Nobody is asking them to fall on their sword over this; but it would have been nice to get some indication that they thought it was a big deal.


>> "it would have been nice to get some indication that they thought it was a big deal."

It could have been a big deal, if it had affected more than 4 beta users, or if they hadn't noticed and hadn't fixed it.

I'd rather base the level of outrage on what happened rather than what could have happened. Obviously you take all precautions you can possibly think of, but shit happens.


If the CVV and expiry were there as well it would have been much worse; just the numbers are not that important.


Yes, that's my question, why in the world is the number in the description in the first place???



