News

Vulnerability Found in Venmo Public API Causing Massive Data Leak

By Nitish Singh
Venmo
Image Courtesy of Cnet
  • A privacy advocate discovered a vulnerability in Paypal-owned Venmo app’s API which has led to a large number of transactions being leaked by the app.
  • The Venmo API has transaction records set to “Public” as default which allows anyone access to the API to see all ongoing transactions.
  • The app has leaked 207,984,218 transactions in 2017 alone, and researchers claim that the problem has existed since 2016 and was not patched.

PayPal is in the middle of a major data leak with its subsidiary Venmo publicizing data amounting to 207,984,218 transactions. Venmo made its API publicly accessible by default causing the US-only mobile payments platform to suffer from the massive leak. Security researchers had warned the app about the vulnerability back in 2016, but no steps were taken to secure the platform.

Users have been requested to set the Venmo app’s default settings to Private to avoid further public data access. The data that was leaked out includes the names of the senders and recipients, avatars of Venmo users, dates of transactions, transaction type, and optional comments. Privacy advocate Hang Do Thi Duc is not the first person to find out about the issue. Another advocate Dan Gorelick discovered the vulnerability in 2016, but the issue was not resolved until now.

All transactions until yesterday are still available for public access via the public API. A tutorial was made by Gorelick available for all Venmo users to secure their data. Recently Duc also made his own guide to visually indicate how to secure transaction data on the platform.

Duc revealed in her blog post “I used Venmo's public API to download all public transactions of 2017, pulling in a total of 207,984,218 transactions. By looking through users and their transactions, I learned an alarming amount about them.”

With security issues being more common than ever, PayPal happens to be just one of many big companies to be caught in a data breach. The Venmo data is exposed by the developers themselves, and it is likely that the company will be held accountable for the breach in the near future with GDPR guidelines in place.

What do you think about the recent data leak by the Paypal-owned payments app? Let us know in the comments below. Get instant updates on TechNadu’s Facebook page, or Twitter handle.

Add a Comment

Latest
Streaming
How to Watch I Have Nothing Online Free from Anywhere
TechNadu Staff - 0
I Have Nothing is a Crave Original docu-comedy series following Carolyn Taylor and her attempt to choreograph a full-length pairs figure skating...
Read more
Streaming
How to Watch Michael McIntyre’s The Wheel Season 4 Online Free from Anywhere
TechNadu Staff - 0
The Bafta-winning Michael McIntyre has returned with another season of The Wheel. Viewers can expect big laughs, huge stars, and heart-pounding thrills...
Read more
Streaming
How to Watch Blankety Blank Season 3 (2023) Online Free from Anywhere
Lore Apostol - 0
Blankety Blank is back in 2023, with Bradley Walsh guiding a panel of celebrities and contestants over multiple rounds of the quiz...
Read more

© TechNadu 2023. All Rights Reserved.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari