Your Web News in One Place

An Interest In:

Web News this Week

Search Archive

Some of Our Sources

View All Sources

Help Webnuz

Referal links:

Sign up for GreenGeeks web hosting
June 16, 2019 09:44 pm

Researcher Publishers 7 Million (Still Public) Venmo Transactions on GitHub

Remember the outrage last year when a researcher discovered that for Venmo's 40 million users, all transactions are "public" by default and broadcast on Venmo's API? More than a year later, computer science student Dan Salmon has demonstrated that it's still incredibly easy to download millions of transactions through Venmo's developer API without obtaining user permissions (without even using the Venmo app). He proved this by downloading 7 million of them," TechCrunch reports:Dan Salmon said he scraped the transactions during a cumulative six months to raise awareness and warn users to set their Venmo payments to private... Using that data, anyone can look at an entire user's public transaction history, who they shared money with, when, and in some cases for what reason -- including illicit goods and substances. "There's truly no reason to have this API open to unauthenticated requests," he told TechCrunch. "The API only exists to provide like a scrolling feed of public transactions for the home page of the app, but if that's your goal then you should require a token with each request to verify that the user is logged in." He published the scraped data on his GitHub page.

Read more of this story at Slashdot.


Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/kq7oeH1ld0o/researcher-publishers-7-million-still-public-venmo-transactions-on-github

Share this article:    Share on Facebook
View Full Article

Slashdot

Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..

More About this Source Visit Slashdot