News

Vulnerability Found in Venmo Public API Causing Massive Data Leak

By Nitish Singh
Venmo
Image Courtesy of Cnet
  • A privacy advocate discovered a vulnerability in Paypal-owned Venmo app’s API which has led to a large number of transactions being leaked by the app.
  • The Venmo API has transaction records set to “Public” as default which allows anyone access to the API to see all ongoing transactions.
  • The app has leaked 207,984,218 transactions in 2017 alone, and researchers claim that the problem has existed since 2016 and was not patched.

PayPal is in the middle of a major data leak with its subsidiary Venmo publicizing data amounting to 207,984,218 transactions. Venmo made its API publicly accessible by default causing the US-only mobile payments platform to suffer from the massive leak. Security researchers had warned the app about the vulnerability back in 2016, but no steps were taken to secure the platform.

Users have been requested to set the Venmo app’s default settings to Private to avoid further public data access. The data that was leaked out includes the names of the senders and recipients, avatars of Venmo users, dates of transactions, transaction type, and optional comments. Privacy advocate Hang Do Thi Duc is not the first person to find out about the issue. Another advocate Dan Gorelick discovered the vulnerability in 2016, but the issue was not resolved until now.

All transactions until yesterday are still available for public access via the public API. A tutorial was made by Gorelick available for all Venmo users to secure their data. Recently Duc also made his own guide to visually indicate how to secure transaction data on the platform.

Duc revealed in her blog post “I used Venmo's public API to download all public transactions of 2017, pulling in a total of 207,984,218 transactions. By looking through users and their transactions, I learned an alarming amount about them.”

With security issues being more common than ever, PayPal happens to be just one of many big companies to be caught in a data breach. The Venmo data is exposed by the developers themselves, and it is likely that the company will be held accountable for the breach in the near future with GDPR guidelines in place.

What do you think about the recent data leak by the Paypal-owned payments app? Let us know in the comments below. Get instant updates on TechNadu’s Facebook page, or Twitter handle.

Add a Comment

Latest
Streaming
How to Watch Wild Isles Online for Free: Stream the 2023 David Attenborough Series from Anywhere
Lore Apostol - 0
Wild Isles is a British series focused on nature, and we have the premiere date, plot, episode release schedule, and other details....
Read more
Streaming
How to Watch Naked and Afraid: Solo Online from Anywhere
Lore Apostol - 0
Naked and Afraid: Solo is a new spin-off series set to premiere soon, and the best part is that it will be...
Read more
Streaming
How to Watch SWV & Xscape: The Queens of R&B Online from Anywhere
TechNadu Staff - 0
Get ready to hop on the nostalgia train as you watch SWV & Xscape: The Queens of R&B bring 90’s R&B music...
Read more

© TechNadu 2023. All Rights Reserved.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari