FeedBurner Leaked my Sensitive Personal Information

As many of you know, I manage my RSS feed through FeedBurner. As you may or may not know, FeedBurner has recently developed a mechanism for monetizing RSS feeds by placing ads at the end of posts within your feed. This program is in the process of being rolled out, and participation is currently by invitation only.

Well, last night I learned that I had been invited to participate, so I signed up to see what it was all about. Not long ago I received a welcome e-mail, and shortly thereafter I received two messages about ads being available for my feed… The problem was that, while one of these messages was meant for me, the other was clearly intended to go to Jim of pfBlueprint.

When I contacted Jim about this glitch, I learned that FeedBurner is having trouble keeping their publishers straight. In fact, he told me that when he logged in, MY payment information (including things like my social security number) came up in HIS account. Nice. Really nice. FeedBurner has now officially shared my sensitive personal information with at least one other person. Fortunately, I know and trust Jim, and I’m not particularly worried that he’ll try to steal my identity. That being said, I’m still more than a little bit pissed off right now. And I’m still not sure how many other people got this information.

After reporting this to FeedBurner I received a prompt reply thanking me for my patience while they look further into this matter. Guess what? I’m not feeling particularly patient right now.

Update: It’s still not clear what happened, but apparently it’s a glitch in the FeedBurner system, as the signup process is totally automated — thus, there’s no room for a simple data transposition. The only thing that Jim and I have in common (aside from our stunningly good looks and the fact that we run two of the best personal finance blogs in existence ;)) is that we both signed up for the FeedBurner Advertising Network at roughly the same time last night. I should also note that the folks at FeedBurner have been very responsive and are working hard to sort out what went wrong.

14 Responses to “FeedBurner Leaked my Sensitive Personal Information”

  1. Anonymous

    Pogue,

    It’s not that it’s illegal to have a data breach. But depending on what state the victims live in, it’s illegal to NOT disclose it.

    TO FEEDBURNER:
    25 states have data breach notification laws. 10 of those do NOT require that information be materially compromised or likelihood of harm before notification required. I don’t know the details, but you may be required to disclose this in writing to many of your customers regardless. If you need help (no charge), contact me at tfragala [at] gmail.com.

    Nickel–what state do you live in?

  2. Anonymous

    Nickel’s social security number is… get a pen now… 123-45-6789. If I didn’t see it with my own eyes, I wouldn’t have believed it myself but he is in fact the person who has that SSN.

    Don’t bother signing up for any credit cards, I tried and was declined three times. His credit is awful.

  3. Anonymous

    That’s probably not only a breach of their own privacy policy, but could be illegal depending on what state you live in.

    Check out the FTC’s page on id theft: http://www.consumer.gov/idtheft/ and check your credit report (you get one copy free from the govt each year from each credit agency at http://www.annualcreditreport.com). Get a copy of one now, and another one in 3-6 months and make sure nothing fishy is going on.

    Best of luck,
    pogue

  4. Anonymous

    Hi there, thanks for the note. We will continue to review this situation in our staging environment. We have numerous publishers in our ad network and we rigorously test all parts of our application, especially those secured using SSL, for proper handling of sensitive data. We will continue to analyze this scenario and keep you informed.

  5. Anonymous

    I’m glad you let me know. I was about to give FeedBurner all my juicy information, but I think I’ll hold off on doing that while they sort out their problems.
