Some people said it was the biggest startup to come out of Stanford since Google. After securing some seed funding from professors, and then raising $25 million in a party round, Clinkle was destined for greatness among startups. Clinkle was designed to become the payment service all of us could use to manage credit cards, banks, and cash from our smartphones.
And yet, I’m guessing the majority of this blog’s readers have never heard of them. Why could that be?
The rise comes before…
Launched in 2011, Clinkle got a lot of hype. Big names like Richard Branson and Peter Thiel, and organizations like Intuit and Intel were among the investors. They were clearly excited about something. But Clinkle has remained in stealth mode, with only a leaked video showing what they’ve been up to. If so many luminaries are excited about this, why haven’t they come out, shown the product, and started picking up customers? Instead, late last year they announced significant layoffs.
From an outsider’s perspective, at least, it seems that Clinkle isn’t taking things seriously enough. Rumors of discontent with Clinkle’s 22-year-old CEO have run rampant. It seems that they may have believed their own hype too much and simply assumed that they would succeed.
…the security breach.
And then last week, Clinkle suffered a breach of security that is serious enough to make everyone wonder whether they will have a chance to break out of these personnel and business issues to be successful.
As reported by TechCrunch, 33 of Clinkle’s users, most of whom seem to be Clinkle employees, had their information – names, user IDs, profile photos, and phone numbers – leaked for all to see.
According to the individual who leaked the information, this was not a complicated breach. The unauthenticated user obtained the information using the app’s autocomplete capability. Since this was performed without authentication, there is no way for Clinkle to trace the user who breached the information.
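To make the weakness concrete, here is an added example (not Clinkle's code, whose implementation is not public on this page) contrasting an autocomplete lookup that behaves as described above with a hardened one. The token scheme, field names, limits and sample users are all assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample records; fields mirror the kinds of data the post lists.
USERS = [
    {"user_id": "u1", "name": "Alice Example", "photo": "a.png", "phone": "+1-555-0100"},
    {"user_id": "u2", "name": "Alan Sample", "photo": "b.png", "phone": "+1-555-0101"},
    {"user_id": "u3", "name": "Bob Demo", "photo": "c.png", "phone": "+1-555-0102"},
]
SESSION_KEY = b"constructed-demo-key"  # hypothetical server-side secret
AUDIT_LOG = []                         # (caller_id, prefix) for every lookup
MIN_PREFIX = 3                         # refuse very short prefixes
MAX_RESULTS = 5                        # cap results per query
PUBLIC_FIELDS = ("user_id", "name")    # only what a suggestion list needs

def _sign(user_id):
    return hmac.new(SESSION_KEY, user_id.encode(), hashlib.sha256).hexdigest()

def issue_token(user_id):
    """Hypothetical session token: '<user_id>.<HMAC of user_id>'."""
    return f"{user_id}.{_sign(user_id)}"

def caller_from_token(token):
    """Return the authenticated user id, or None if the token is invalid."""
    if not token or "." not in token:
        return None
    user_id, sig = token.rsplit(".", 1)
    ok = hmac.compare_digest(sig.encode(), _sign(user_id).encode())
    return user_id if ok else None

def _match(prefix):
    return [u for u in USERS if u["name"].lower().startswith(prefix.lower())]

def autocomplete_weak(prefix):
    """As the post describes: no authentication, full records returned."""
    return _match(prefix)

def autocomplete_hardened(prefix, token):
    """Require a valid session, minimise fields, and record who asked."""
    caller = caller_from_token(token)
    if caller is None:
        return 401, []
    if len(prefix) < MIN_PREFIX:
        return 400, []
    # Every lookup is tied to an account, so misuse can be traced afterwards.
    AUDIT_LOG.append((caller, prefix))
    hits = _match(prefix)[:MAX_RESULTS]
    return 200, [{k: u[k] for k in PUBLIC_FIELDS} for u in hits]
```

The hardened version addresses both points from the paragraph above: anonymous callers get nothing, and authenticated lookups leave an audit trail.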
Impacts of the breach
How bad of a security breach is this? It’s not terrible. Most of us have our names, photos, and phone numbers plastered all over the Internet already, and so those individuals are probably no more at risk than you or I of having our identities stolen.
However, there are two really bad things about this for Clinkle.
First, for a company that is focused on finances and payments to have any sort of breach raises the question of whether security has truly been designed into the product. If it is possible to receive information about any user of the service without even being a user myself, how many other ways can information be leaked by this system?
Second, for a company that is already going through some growing pains, having a published list of your employees can be a problem. Corporate espionage is real, and now competing businesses have a list of their targets they should befriend to learn more about what Clinkle is doing – or people to hire away to directly compete.
Startups have a lot to worry about, between funding, personnel, and creating and marketing a product. Each of those things, if not done correctly, can reduce the startup’s chances of success.
Startups also need to worry about designing security in at an early stage, especially if they are in regulated industries such as finance or healthcare. I contend that suffering a security breach before you’ve even released your product could mean certain doom for many startups.
Startups can’t afford to wait to worry about security.