As many of you know, I manage my RSS feed through FeedBurner. As you may or may not know, FeedBurner has recently developed a mechanism for monetizing RSS feeds by placing ads at the end of posts within your feed. This program is in the process of being rolled out, and participation is currently by invitation only.
Well, last night I learned that I had been invited to participate, so I signed up to see what it was all about. Not long ago I received a welcome e-mail, and shortly thereafter I received two messages about ads being available for my feed… The problem was that, while one of these messages was meant for me, the other was clearly intended to go to Jim of pfBlueprint.
When I contacted Jim about this glitch, I learned that FeedBurner is having trouble keeping their publishers straight. In fact, he told me that when he logged in, MY payment information (including things like my social security number) came up in HIS account. Nice. Really nice. FeedBurner has now officially shared my sensitive personal information with at least one other person. Fortunately, I know and trust Jim, and I’m not particularly worried that he’ll try to steal my identity. That being said, I’m still more than a little bit pissed off right now. And I’m still not sure how many other people got this information.
After reporting this to FeedBurner I received a prompt reply thanking me for my patience while they look further into this matter. Guess what? I’m not feeling particularly patient right now.
Update: It’s still not clear what happened, but apparently it’s a glitch in the FeedBurner system, as the signup process is totally automated — thus, there’s no room for a simple data transposition. The only thing that Jim and I have in common (aside from our stunningly good looks and the fact that we run two of the best personal finance blogs in existence ;)) is that we both signed up for the FeedBurner Advertising Network at roughly the same time last night. I should also note that the folks at FeedBurner have been very responsive and are working hard to sort out what went wrong.
Scary! I think I’ll have to wait before looking into this FeedBurner feature.
Pogue,
It’s not that it’s illegal to have a data breach. But depending on what state the victims live in, it’s illegal to NOT disclose it.
TO FEEDBURNER:
25 states have data breach notification laws. 10 of those do NOT require that information be materially compromised or likelihood of harm before notification is required. I don’t know the details, but you may be required to disclose this in writing to many of your customers regardless. If you need help (no charge), contact me at tfragala [at] gmail.com.
Nickel–what state do you live in?
Nickel’s social security number is… get a pen now… 123-45-6789. If I didn’t see it with my own eyes, I wouldn’t have believed it myself but he is in fact the person who has that SSN.
Don’t bother signing up for any credit cards, I tried and was declined three times. His credit is awful.
That’s probably not only a breach of their own privacy policy, but could be illegal depending on what state you live in.
Check out the FTC’s page on id theft: http://www.consumer.gov/idtheft/ and check your credit report (you get one copy free from the govt each year from each credit agency at http://www.annualcreditreport.com). Get a copy of one now, and another one in 3-6 months and make sure nothing fishy is going on.
Best of luck,
pogue
Jim, I’ll give you fifty bucks for Nickel’s identity!
Sorry to hear this — but you got a link from ProBlogger out of the deal! 😉
Hi there, thanks for the note. We will continue to review this situation in our staging environment. We have numerous publishers in our ad network and we rigorously test all parts of our application, especially those secured using SSL, for proper handling of sensitive data. We will continue to analyze this scenario and keep you informed.
unless they find more, never, don’t have a class 🙂
Oh wow, that’s a big hiccup. I wonder how long until the class action lawsuit begins?
I only bought myself a pizza and some beers with the credit I signed you up for. I’m a nice guy. 🙂
I’m glad you let me know. I was about to give FeedBurner all my juicy information, but I think I’ll hold off on doing that while they sort out their problems.