GiffGaff's Latest Balls-Up Exposes User PayPal Addresses

By Sam Gibbs on at

Uh oh, looks like the network run by the people has gaffed again. This time it seems GiffGaff's managed to publically send everyone's PayPal addresses to everyone else while attempting to pay community members back for all their shilling for the network.

It looks like the MVNO is having a right old time of it, with at least two failed attempts to get things straight, by the looks of it. It's all to do with the way people get paid back for services to GiffGaff, which users can choose to get via PayPal.

While leaked email addresses aren't a massive deal these days, these are all linked to PayPal accounts, which makes the whole thing a tad more compromising. If you happen to be a PayPal-wielding GiffGaffer, then you better watch out for phishing attacks -- check that email you just got really was from PayPal and not some pesky scammer.

Thanks Matt!

Update: Here's what GiffGaff currently has to say about the whole mess:

I appreciate you would like more information, our first priority is getting the correct information out to impacted members. Since identifying the issue we've been in contact with our legal team and will be following a process where we will be collecting all the details and will be pro-actively reporting this to the Information Commission along with details about additional measures we'll be putting in place to prevent this from happening again. Please note, the email was sent to a small number of members, not our entire base. There was an error where the email included an email address of someone else. This again was down to human error and we're taking immediate measures to rectify.

Update 2: GiffGaff has been in touch to share an official statement-come-apology on the matter with us.

Yesterday a small number of giffgaff members received an email containing incorrect information regarding Payback. Human error meant that the affected members received a Payback update containing the wrong email address for their PayPal account.

Affected members have been contacted and we would like to assure members that no other details were compromised.

We take all privacy matters extremely seriously and would like to apologise to all members concerned. Since identifying the issue we have been in contact with our legal team. We are now reporting the issue to the Information Commission, along with additional measures we’re putting in place to stop this happening again.

Further updates on this issue are available on the giffgaff forum. We are committed to ensuring that nothing of this nature happens again and would like to apologise unreservedly to our members for this mistake.