Hallmark said it has patched a privacy hole on its Web site that left intimate electronic greetings exposed to the world for up to two-and-a-half months.
"I want to really reassure people that greetings, birthday greetings, and valentines sent from December 1997 forward are fully protected and are kept private and confidential," said company spokeswoman Julie O'Dell on Friday.
But until Wednesday, a server-configuration oversight revealed the intimate details of otherwise secure and private messages. The hole may have revealed names, addresses, email addresses, and other information to anyone who stumbled upon it.
The Hallmark site invites users to create private messages that are stored on the company's servers. The recipient of the message is sent an email notification with the message's URL and a password. Though the messages are understood to be private, until this week the site's search engine opened a door to a file full of them.
Engineers excised the file from the public server in time for Valentine's Day, one of the company's busiest times of the year.
O'Dell said that the problem surfaced when the company switched servers in December and neglected to remove the file from public view. Hallmark said it contained fewer than 1 percent of the millions of messages processed since the site was launched in 1997.
Hallmark's site offers more than 1,500 electronic greeting cards and claims to receive millions of visitors every month.
O'Dell said the company hadn't received any complaints from customers and didn't think anyone's privacy had been seriously compromised.
