Ethical Hacker Shows Privacy Flaw in Venmo by Scraping Seven Million Users’ Transaction Data

None of the two data breaches were done by black hat hackers. Rather, the breaches were carried out by ethical, or “white hat” hackers, in order to warn the company of underlying security issues. The amount of data scraped through hacking Venmo calls attention to how easy it is to obtain transaction data of Venmo users. It also serves as a reflection of the minimal efforts that the company has made towards data privacy since the first hack.

Is Venmo Unconcerned?

The Venmo app today comes with a default setting that makes all transaction data publicly available. After the data scraping of over 207 million, Venmo did take a step to redefine some of its privacy guidelines. Soon after, however, when users started to switch their privacy settings from public to private, the company removed a warning from its app that prompted users to do so. What makes the public availability of Venmo’s transaction data worth the concern is that it clearly indicates the parties between whom the transaction has been done. It also sometimes prompts the purpose of the transaction.

Blockchain: Public Yet Secure Alternative to Venmo

If you compare the public availability of Venmo’s transaction data with that of blockchain transaction data, the one major difference is that the identity of the peers and purpose of the transactions is not compromised in the case of blockchain. It is actually the one most talked about feature of blockchain that all transactions on it are anonymous, and it’s next to impossible for anyone to scrape the data to find the people behind the transactions. Should Venmo consider using the blockchain technology for storing its transaction data? Let us know your thoughts in the comments below.