Next time you make a payment on Venmo, beware: almost anyone can track it.
The popular mobile payments app is sharing users' personal data — including real names, comments sent with the payment, transaction dates, and recipients of the transaction — with the public by default. This information is being exposed through the company’s public API, and it can be hidden by adjusting your privacy settings from "Public" to "Private."
Security researcher Hang Do Thi Duc recently discovered this "alarming amount" of information being leaked by examining the public API. The reason it's happening, the researcher suggests, is that the Venmo app's default settings are set to "Public" for all users.
Using transaction data made available through the public API, Do Thi Duc downloaded 207,984,218 Venmo transactions, all the public transactions made on the app in 2017, and analyzed them. She has detailed her findings in an aptly named project called Public By Default.
To show just how much detail you can pull from the public Venmo transaction data, Do Thi Duc’s Public By Default project focuses on five specific Venmo accounts. The five accounts, whose identities she’s chosen to keep private, include a cannabis seller in California, a food truck vendor, a married man and woman, a junk food lover, and a fighting couple.
The amount of information Do Thi Duc is able to pull from the transaction data Venmo is sharing is pretty astonishing. For example, she was able to track the food truck vendor’s number one customer and find exactly when she’d go and what she was buying to eat. In the case of the married couple, Do Thi Duc was able to not only tell where they shop but also who was responsible for what bill.
In her report, Do Thi Duc was able to obtain even more information about the people behind these public transactions based on the profile picture they were using. If a Venmo user chose to link up their Facebook account so they can use the same profile picture as their Venmo avatar, Venmo’s public API shares the Facebook picture URL along with the rest of the transaction. This profile picture URL includes a user’s Facebook ID, which in turn will direct you straight to a person's Facebook profile.
The fact that Venmo has enabled such easy access to this type of information in the form of a public API is problematic. In the hands of the right – or wrong – person this info is ripe for identity theft. Not only that, but access to this information by, say, a stalker or domestic abuser is potentially dangerous.
In a statement, Venmo is quick to point out that while the “safety and privacy of Venmo users and their information is one of our highest priorities,” when it comes to protecting this information, it’s up to each Venmo user to change their default Venmo settings and make it private.
We recommend you do just that.