时间:2025-04-04 10:06:20 来源:网络整理编辑:綜合
Next time you make a payment on Venmo, beware: almost anyone can track it.The popular mobile payment
Next time you make a payment on Venmo, beware: almost anyone can track it.
The popular mobile payments app is sharing users' personal data — including real names, comments sent with the payment, transaction dates, and recipients of the transaction — with the public by default. This information is being exposed through company’s public API, and it can be hidden by adjusting your privacy settings from "Public" to "Private."
Security researcher Hang Do Thi Duc recently discovered this "alarming amount" of information being leaked by examining the public API. The reason its happening, the researcher suggests, is because the Venmo app's default settings are set to "Public" for all users.
Using transaction data made available through the public API, Do Thi Duc downloaded 207,984,218 Venmo transactions, all the public transaction made on the app in 2017, and analyzed them. She has detailed her findings in an aptly named project called Public By Default.
SEE ALSO:Venmo fare-splitting is coming to the Uber appTo show just how much detail you can pull from the public Venmo transaction data, Do Thi Duc’s Public By Default project focuses on on five specific Venmo accounts. The five accounts, whose identities she’s chosen to keep private, include a Cannabis seller in California, a food truck vendor, a married man and woman, a junk food lover, and a fighting couple.
The amount of information Do Thi Duc is able to pull from the transaction data Venmo is sharing is pretty astonishing. For example, she was able to track the food truck vendor’s number one customer and find exactly when she’d go and what she was buying to eat. In the case of the married couple, Do Thi Duc was able to not only tell where they shop but also who was responsible for what bill.
In her report, Do Thi Duc was able to obtain even more information about the people behind these public transactions based on the profile picture they were using. If a Venmo user chose to link up their Facebook account so they can use the same profile picture as their Venmo avatar, Venmo’s public API shares the Facebook picture URL along with the rest of the transaction. This profile picture URL includes a user’s Facebook ID, which in turn will direct you straight to a person Facebook profile.
The fact that Venmo has enabled such easy access to this type of information in the form of a public API is problematic. In the hands of the right – or wrong – person this info is ripe for identity theft. Not only that, but the access to this information by say a stalker or domestic abuser is potentially dangerous.
In a statement, Venmo is quick to point out that while the “safety and privacy of Venmo users and their information is one of our highest priorities,” when it comes to protecting this information, it’s up to each Venmo user to change their default Venmo settings and make it private.
We recommend you do just that.
TopicsCybersecurityPrivacy
Olympian celebrates by ordering an intimidating amount of McDonald's2025-04-04 09:26
低開高走!薩內浪射不斷 臨下場前轟世界波“救贖”2025-04-04 09:03
半島晨報:中國足協有義務展開調查 傳聞不斷應還原真相2025-04-04 08:43
拜仁VS比勒菲爾德首發:萊萬領銜 穆勒薩內出戰2025-04-04 08:36
Australian football makes history with first LGBT Pride Game2025-04-04 08:17
巴薩前瞻:哈維爭客場首勝 小鬼當家登貝萊難首發2025-04-04 07:41
低開高走 !薩內浪射不斷 臨下場前轟世界波“救贖”2025-04-04 07:38
媒體人:國足換帥已經進入倒計時 概率99%2025-04-04 07:27
Over 82,000 evacuate as Blue Cut fire rapidly spreads in southern California2025-04-04 07:26
半島晨報:中國足協有義務展開調查 傳聞不斷應還原真相2025-04-04 07:25
Major earthquake and multiple aftershocks rock central Italy2025-04-04 10:03
終極目標!法國足球主編:C羅希望退役時金球比梅西多2025-04-04 09:29
海港外援中衛邁斯老傷複發 大概率錯過本賽季剩餘聯賽2025-04-04 09:26
官方:米蘭宣布續約皮奧利至2023 含延長一年選項2025-04-04 09:25
Two states took big steps this week to get rid of the tampon tax2025-04-04 08:57
巴薩談妥冬窗租借曼城妖星 瓜帥點頭放人+強製買斷2025-04-04 08:21
世預賽洲際附加賽:亞洲遭遇南美 中北美VS大洋洲2025-04-04 08:04
祝福 !前阿根廷國腳馬克西2025-04-04 07:55
Pole vaulter claims his penis is not to blame2025-04-04 07:44
利物浦前瞻 :薩拉赫衝吉格斯神跡 範迪克馬內反戈2025-04-04 07:28