Thursday, October 19, 2006
Here at the FeedBlitz blog I write about our successes and our service issues because I believe that, by being transparent to our ups and our downs as we grow, we build a better business that ultimately serves you better. Today, I’m writing to inform you of an issue that we take very seriously at FeedBlitz – your privacy. We strive to keep your email addresses safe and secure, to reduce the chances of spam and other threats.
Unfortunately, late on Tuesday night we were informed of an issue that had made some email addresses visible outside the service, due to a previously undiscovered flaw in the FeedBlitz software. The problem was fixed Wednesday, within hours of our being notified of the underlying cause, and we're taking other steps to further improve our security as we finalize FeedBlitz v2.
Now, we haven't seen or heard of any issues, but having discovered the potential for risk I think you should know about it. Meanwhile, you may have questions. I'm happy to take the time to answer them directly by email or in the comments below. Here are a couple to kick off with:
Q: Was FeedBlitz hacked?
A: No. We were not broken into, nor were we compromised by a virus or any malware. The issue was the result of a software implementation issue (a bug, in other words).
Q: So what caused the problem?
A: Without going into too many details, there was a previously unnoticed defect that could reveal subscriber addresses online if it happened to be accessed in a particular way. A third party found this issue and notified us.
Q: Is it only email addresses?
A: Yes - we don't store any other information (for example, premium customer credit card information is held by PayPal, not by us).
So there you have it. You know, sometimes I think that perhaps I err by being too open on this blog. So one thing I'd like your feedback on in all this is this: is there too much information in the blog, good and bad? Not enough? Or is it at the Goldilocks point - just about right? Is the balance OK, or skewed too far one way or the other? Let me know...
Phil