With a public API, Venmo’s default privacy settings expose private user data

Those who use Venmo as their primary money-transfer app may want to consider changing their privacy settings. After a security researcher analyzed over 200 million Venmo transactions back in 2017, it became clear the app exposes a large amount of private details about its users, The Guardian reports.

The project was created by Berlin-based researcher Hang Do Thi Duc, who highlighted all of her findings via a website called “Public by Default.” On the site, she explains how she was able to learn an ‘alarming amount’ about Venmo’s users by pulling a total of 207,984,218 transactions, all via the app’s public application programming interface (API), which can be accessed by anyone.

Even though Venmo does allow you to choose what is or isn’t public, all transactions are public by default, which some users may not realize. To protect your information, you can choose to make any future transactions visible only to the sender and recipient so that they won’t show up on the public feed. There’s also the option to make all past transactions private.

Using the logged data via the API, Do Thi Duc was able to piece together the lives of five different Venmo users identified as: ‘The Cannabis Retailer,’ ‘The Corn Dealer,’ ‘The Lovers,’ ‘The YOLOist,’ and ‘The All Americans.’ Each one includes stories of who they are with specific details she was able to find simply by sifting through their transactions — including exactly how many transactions were carried out by each person in 2017. While she was also able to see full names, she did not publish that identifying information.

“This Venmo user — a young woman with a Greek last name — had 2,033 transactions in eight months’ time. And through her Venmo transactions emerges an unhealthy portrait. She loves Coca Cola (280 transactions) and pizza (209 transactions), and often goes for coffee with the same three friends. She also likes to eat a lot of sweets, especially donuts,” she writes about ‘The YOLOist.’

On the site, Do Thi Duc explains the project will hopefully shed light on the fact that companies should be putting user data protection first. While Venmo’s public feed seems harmless, and even a source of entertainment for some, we don’t truly realize how much information we’re sharing. This includes your first and last name, your transaction history, and, because each transaction lists who the money is going to, where and with whom you’re spending your time.