It Turns Out That Venmo Transactions are Public by Default

A security researcher analyzed over 200 million Venmo transactions. She discovered something disturbing:

Anyone can track a Venmo user’s purchase history and glean a detailed profile – including their drug deals, eating habits and arguments – because the payment app lacks default privacy protections.

Public Venmo Transactions

Berlin-based researcher Hang Do Thi Duc used a public application programming interface to access the data. She was able to see the names of every user who didn’t change their privacy settings. The information included names, transaction dates, and the message sent with each payment.

A conversation between a couple about their transactions

She created a website called Public by Default to call out Venmo’s policy. Ms. Do Thi Duc found entire conversations between couples, users buying weed, and a person who ran a food cart near the University of Santa Barbara campus.

Based on her transactions, one young woman, nicknamed the YOLO-ist, eats a lot of junk food. Ms. Do Thi Duc said this information could be used by health insurance companies.
