CYBERSPACE — A “white hat hacker” exposed a serious security weakness in popular payment platform Venmo and urged all users, especially those in privacy-sensitive industries like adult, to urgently set their Venmo payments to “private.”
Currently, “public” is the default setting for Venmo payments, and many users still neglect to set it to “private.” Venmo is owned by online payments giant PayPal.
The white hat hacker — the tech world’s term for someone who breaks into supposedly secure computer systems but only to warn companies and the public about the potential for harm — is computer science student Dan Salmon.
According to a TechCrunch report, Salmon “scraped seven million Venmo transactions to prove that users’ public activity can still be easily obtained, a year after a privacy researcher downloaded hundreds of millions of Venmo transactions in a similar feat.”
Salmon claims he “scraped the transactions during a cumulative six months to raise awareness and warn users to set their Venmo payments to private.”
“Using that data, anyone can look at an entire user’s public transaction history, who they shared money with, when, and in some cases for what reason — including illicit goods and substances,” explained TechCrunch’s Zach Whittaker.
In 2018, PayPal reached a settlement over security and pricacy issues with the Federal Trade Commission (FTC).