Time: 2025-04-04 05:21:15 Source: compiled from the web Editor: General
Next time you make a payment on Venmo, beware: almost anyone can track it.
The popular mobile payments app is sharing users' personal data — including real names, comments sent with the payment, transaction dates, and recipients of the transaction — with the public by default. This information is being exposed through the company’s public API, and it can be hidden by adjusting your privacy settings from "Public" to "Private."
Security researcher Hang Do Thi Duc recently discovered this "alarming amount" of information being leaked by examining the public API. The reason it's happening, the researcher suggests, is that the Venmo app's default settings are set to "Public" for all users.
Using transaction data made available through the public API, Do Thi Duc downloaded 207,984,218 Venmo transactions, all the public transactions made on the app in 2017, and analyzed them. She has detailed her findings in an aptly named project called Public By Default.
To show just how much detail you can pull from the public Venmo transaction data, Do Thi Duc’s Public By Default project focuses on five specific Venmo accounts. The five accounts, whose identities she’s chosen to keep private, include a cannabis seller in California, a food truck vendor, a married man and woman, a junk food lover, and a fighting couple.
The amount of information Do Thi Duc is able to pull from the transaction data Venmo is sharing is pretty astonishing. For example, she was able to track the food truck vendor’s number one customer and find exactly when she’d go and what she was buying to eat. In the case of the married couple, Do Thi Duc was able to not only tell where they shop but also who was responsible for what bill.
In her report, Do Thi Duc was able to obtain even more information about the people behind these public transactions based on the profile picture they were using. If a Venmo user chose to link their Facebook account so they could use the same profile picture as their Venmo avatar, Venmo’s public API shares the Facebook picture URL along with the rest of the transaction. This profile picture URL includes a user’s Facebook ID, which in turn will direct you straight to a person's Facebook profile.
The fact that Venmo has enabled such easy access to this type of information in the form of a public API is problematic. In the hands of the right – or wrong – person, this info is ripe for identity theft. Not only that, but access to this information by, say, a stalker or domestic abuser is potentially dangerous.
In a statement, Venmo is quick to point out that while the “safety and privacy of Venmo users and their information is one of our highest priorities,” when it comes to protecting this information, it’s up to each Venmo user to change their default Venmo settings and make them private.
We recommend you do just that.