On February 4, 2014, we leaked security tokens for the Venmo accounts of 41 Gittip users, which an attacker could have used to steal money. We discovered the leak on February 7, whereupon we stopped the leak and notified Venmo. Venmo revoked the affected security tokens, and has confirmed that no transactions were made using these tokens.
For affected users, no further action is required. If you have questions, please email us at support@gittip.com or otherwise contact us.
For details, please see the incident repository, which was private while the incident was underway and has been made public with this disclosure.
Sorry. :-(