Time: 2025-04-02 13:01:17 Source: compiled from the web Editor: General
Next time you make a payment on Venmo, beware: almost anyone can track it.
The popular mobile payments app is sharing users' personal data — including real names, comments sent with the payment, transaction dates, and recipients of the transaction — with the public by default. This information is being exposed through the company’s public API, and it can be hidden by adjusting your privacy settings from "Public" to "Private."
Security researcher Hang Do Thi Duc recently discovered this "alarming amount" of information being leaked by examining the public API. The reason it's happening, the researcher suggests, is that the Venmo app's default settings are set to "Public" for all users.
Using transaction data made available through the public API, Do Thi Duc downloaded 207,984,218 Venmo transactions, all the public transactions made on the app in 2017, and analyzed them. She has detailed her findings in an aptly named project called Public By Default.
To show just how much detail you can pull from the public Venmo transaction data, Do Thi Duc’s Public By Default project focuses on five specific Venmo accounts. The five accounts, whose identities she’s chosen to keep private, include a cannabis seller in California, a food truck vendor, a married man and woman, a junk food lover, and a fighting couple.
The amount of information Do Thi Duc is able to pull from the transaction data Venmo is sharing is pretty astonishing. For example, she was able to track the food truck vendor’s number one customer and find exactly when she’d go and what she was buying to eat. In the case of the married couple, Do Thi Duc was able to not only tell where they shop but also who was responsible for what bill.
In her report, Do Thi Duc was able to obtain even more information about the people behind these public transactions based on the profile picture they were using. If a Venmo user chose to link their Facebook account so they could use the same profile picture as their Venmo avatar, Venmo’s public API shares the Facebook picture URL along with the rest of the transaction. This profile picture URL includes a user’s Facebook ID, which in turn will direct you straight to a person's Facebook profile.
The fact that Venmo has enabled such easy access to this type of information in the form of a public API is problematic. In the hands of the right – or wrong – person this info is ripe for identity theft. Not only that, but access to this information by, say, a stalker or domestic abuser is potentially dangerous.
In a statement, Venmo is quick to point out that while the “safety and privacy of Venmo users and their information is one of our highest priorities,” when it comes to protecting this information, it’s up to each Venmo user to change their default Venmo settings and make it private.
We recommend you do just that.