This is the old Gittip blog. We have renamed to Gratipay and moved our blog.

Forty-one Accounts Involved in Security Leak

February 7, 2014, 3:41 pm

On February 4, 2014, we leaked security tokens for the Venmo accounts of 41 Gittip users, which an attacker could have used to steal money. We discovered the leak on February 7, whereupon we stopped the leak and notified Venmo. Venmo revoked the affected security tokens, and has confirmed that no transactions were made using these tokens.

For affected users, no further action is required. If you have questions, please email us at or otherwise contact us.

For details, please see the incident repository, which was private while the incident was underway and has been made public with this disclosure.

Sorry. :-(