Vulnerability Found in Venmo Public API Causing Massive Data Leak

  • A privacy advocate discovered a vulnerability in the API of the PayPal-owned Venmo app, which has led to a large number of transactions being leaked by the app.
  • The Venmo API has transaction records set to “Public” by default, which allows anyone with access to the API to see all ongoing transactions.
  • The app has leaked 207,984,218 transactions in 2017 alone, and researchers claim that the problem has existed since 2016 and was not patched.

PayPal is in the middle of a major data leak, with its subsidiary Venmo publicizing data amounting to 207,984,218 transactions. Venmo made its API publicly accessible by default, causing the US-only mobile payments platform to suffer from the massive leak. Security researchers had warned Venmo about the vulnerability back in 2016, but no steps were taken to secure the platform.

Users have been requested to set the Venmo app’s default settings to Private to avoid further public data access. The leaked data includes the names of the senders and recipients, avatars of Venmo users, dates of transactions, transaction type, and optional comments. Privacy advocate Hang Do Thi Duc is not the first person to find out about the issue. Another advocate, Dan Gorelick, discovered the vulnerability in 2016, but the issue was not resolved until now.

All transactions until yesterday are still available for public access via the public API. Gorelick made a tutorial available to all Venmo users to help them secure their data. Recently, Duc also made her own guide to visually indicate how to secure transaction data on the platform.

Duc revealed in her blog post: “I used Venmo’s public API to download all public transactions of 2017, pulling in a total of 207,984,218 transactions. By looking through users and their transactions, I learned an alarming amount about them.”

With security issues being more common than ever, PayPal happens to be just one of many big companies to be caught in a data breach. The Venmo data is exposed by the developers themselves, and it is likely that the company will be held accountable for the breach in the near future with GDPR guidelines in place.
