A security researcher analyzed over 200 million Venmo transactions. She discovered something disturbing:
Anyone can track a Venmo user’s purchase history and glean a detailed profile – including their drug deals, eating habits and arguments – because the payment app lacks default privacy protections.
Public Venmo Transactions
Berlin-based researcher Hang Do Thi Duc used a public application programming interface to access the data. She was able to see the names of every user who didn’t change their privacy settings. The information included names, transaction dates, and the message sent with each payment.
She created a website called Public by Default to call out Venmo’s policy. Ms. Do Thi Duc found entire conversations between couples, users buying weed, and a person who ran a food card near the University of Santa Barbara campus.
One young woman nicknamed the YOLO-ist eats a lot of junk food based on her transactions. Ms. Do Thi Duc said this information could be used by health insurance companies.