June 16, 2019 09:44 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/kq7oeH1ld0o/researcher-publishers-7-million-still-public-venmo-transactions-on-github
Researcher Publishes 7 Million (Still Public) Venmo Transactions on GitHub
Remember the outrage last year when a researcher discovered that for Venmo's 40 million users, all transactions are "public" by default and broadcast on Venmo's API? More than a year later, computer science student Dan Salmon has demonstrated that it's still incredibly easy to download millions of transactions through Venmo's developer API without obtaining user permissions (without even using the Venmo app). He proved this by downloading 7 million of them, TechCrunch reports:

Dan Salmon said he scraped the transactions during a cumulative six months to raise awareness and warn users to set their Venmo payments to private... Using that data, anyone can look at an entire user's public transaction history, who they shared money with, when, and in some cases for what reason -- including illicit goods and substances. "There's truly no reason to have this API open to unauthenticated requests," he told TechCrunch. "The API only exists to provide like a scrolling feed of public transactions for the home page of the app, but if that's your goal then you should require a token with each request to verify that the user is logged in."

He published the scraped data on his GitHub page.
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc.