Neighbor News
Venmo Transactions Easily Obtained Over Privacy Settings
Users must be intimated regarding any changes in their personal settings. Venmo failed to do so effectively compromising on their user data.
A student of computer science has been able to obtain seven million Venmo transactions to prove that users’ public activity can is easily accessible. A privacy researcher downloaded hundreds of millions of Venmo transactions last year as well.
Dan Salmon did this over a period of six months to proactively inform users to set their Venmo payments to private.
Hang Do Thi Duc, a former Mozilla fellow, downloaded 207 million transactions last year of this mobile payment company. This happened because Venmo payments between users are public by default.
Find out what's happening in New York Cityfor free with the latest updates from Patch.
An year has passed but the company’s security hasn’t improved and this raises serious questions. Perhaps, it is time for the company to seek the services of a quality security testing company. It’s still easy to download such critical data through the company’s developer API without obtaining any need for user permission or app.
With this data anyone can view a user’s public transaction history, money shared with the person, at what time and for what reasons.
Find out what's happening in New York Cityfor free with the latest updates from Patch.
“There’s truly no reason to have this API open to unauthenticated requests,” he told TechCrunch. “The API only exists to provide like a scrolling feed of public transactions for the home page of the app, but if that’s your goal then you should require a token with each request to verify that the user is logged in.”
The student published the data on his GitHub page.
Venmo has done literally nothing to address the privacy issues for its 40 million users since the tragedy last year. It is time for Venmo users to start acting on their own and change their default privacy settings from public to private.
Venmo has tried to make data scraping difficult rather than improving the privacy issues.
Last year, PayPal settled with the Federal Trade Commission over privacy and security violations. PayPal owns Venmo. The company was facing heavy criticism for its security issues. FTC said that the company was not intimating the users properly regarding the public or private nature of their transactions Venmo said that their security was bank-grade. However, an year later, this claim falls flat to the ground.
If you are a Venmo user, it’s high time you take measures to secure your privacy.
