FeedBurner Leaked my Sensitive Personal Information
As many of you know, I manage my RSS feed through FeedBurner. As you may or may not know, FeedBurner has recently developed a mechanism for monetizing RSS feeds by placing ads at the end of posts within your feed. This program is in the process of being rolled out, and participation is currently by invitation only.
Well, last night I learned that I had been invited to participate, so I signed up to see what it was all about. Not long ago I received a welcome e-mail, and shortly thereafter I received two messages about ads being available for my feed… The problem was that, while one of these messages was meant for me, the other was clearly intended to go to Jim of pfBlueprint.
When I contacted Jim about this glitch, I learned that FeedBurner is having trouble keeping their publishers straight. In fact, he told me that when he logged in, MY payment information (including things like my social security number) came up in HIS account. Nice. Really nice. FeedBurner has now officially shared my sensitive personal information with at least one other person. Fortunately, I know and trust Jim, and I’m not particularly worried that he’ll try to steal my identity. That being said, I’m still more than a little bit pissed off right now. And I’m still not sure how many other people got this information.
After reporting this to FeedBurner I received a prompt reply thanking me for my patience while they look further into this matter. Guess what? I’m not feeling particularly patient right now.
Update: It’s still not clear what happened, but apparently it’s a glitch in the FeedBurner system, as the signup process is totally automated — thus, there’s no room for a simple data transposition. The only thing that Jim and I have in common (aside from our stunningly good looks and the fact that we run two of the best personal finance blogs in existence ;)) is that we both signed for the FeedBurner Advertising Network at roughly the same time last night. I should also note that the folks at FeedBurner have been very responsive and are working hard to sort out what went wrong.
Published on May 5th, 2006 - 14 Comments
Filed under: Identity Theft, Online
email this article
- digg this - stumble it - save to del.icio.us
Related articles...
» The Best of FCN — Selections from 05/06» RSS Feed Problems
» Ten New Money Scams, Part 2
» How to Protect Yourself Against Identity Theft
» Here We Go Again… More Financial Data Compromised
» Welcome New York Times Readers!
» Welcome Hartford Courant Readers (and Others)
» Vanguard’s “Enhanced” Login
Get via RSS
I’m glad you let me know. I was about to give FeedBurner all my juicy information, but I think I’ll hold off on doing that while they sort out their problems.
Comment by Nick — May 5th 2006 @ 3:00 pmI only bought myself a pizza and some beers with the credit I signed you up for. I’m a nice guy.
Comment by jim — May 5th 2006 @ 3:14 pmOh wow, that’s a big hiccup. I wonder how long until the class action lawsuit begins?
Comment by Blaine Moore — May 5th 2006 @ 3:47 pmunless they find more, never, don’t have a class
Comment by jim — May 5th 2006 @ 3:51 pmHi there, thanks for the note. We will continue to review this situation in our staging environment. We have numerous publishers in our ad network and we rigorously test all parts of our application, especially those secured using SSL, for proper handling of sensitive data. We will continue to analyze this scenario and keep you informed.
Comment by Traci — May 5th 2006 @ 6:21 pmSorry to hear this — but you got a link from ProBlogger out of the deal!
Comment by FMF — May 5th 2006 @ 7:40 pmJim, I’ll give you fifty bucks for Nickel’s identity!
Comment by Jonathan — May 5th 2006 @ 8:51 pmThat’s probably not only a breach of their own privacy policy, but could be illegal depending on what state you live in.
Check out the FTC’s page on id theft: http://www.consumer.gov/idtheft/ and check your credit report (you get one copy free from the govt each year from each credit agency at http://www.annualcreditreport.com). Get a copy of one now, and another one in 3-6 months and make sure nothing fishy is going on.
Best of luck,
Comment by pogue — May 5th 2006 @ 9:27 pmpogue
Nickel’s social security number is… get a pen now… 123-45-6789. If I didn’t see it with my own eyes, I wouldn’t have believed it myself but he is in fact the person who has that SSN.
Don’t bother signing up for any credit cards, I tried and was declined three times. His credit is awful.
Comment by jim — May 5th 2006 @ 10:32 pmPogue,
It’s not that it’s illegal to have a data breach. But depending on what state the victims live in, it’s illegal to NOT disclose it.
TO FEEDBURNER:
25 states have data breach notification laws. 10 of those do NOT require that information be materially compromised or likelihood of harm
before notification required. I don’t know the details, but you may be required to disclose this in writing to many of your customers regardless. If you need help (no charge), contact me at tfragala [at] gmail.com.
Nickel–what state do you live in?
Comment by Tom F — May 6th 2006 @ 12:10 amScary! I think I’ll have to wait looking into this FeedBurner feature.
Comment by mapgirl — May 6th 2006 @ 8:19 pm