Ethical Hacker Shows Privacy Flaw in Venmo by Scraping Seven Million Users’ Transaction Data

Share Article

A year ago, Paypal owned Venmo made news after a Mozilla fellow downloaded over 207 million transaction details. The same has now been done by a computer science student, Dan Salmon who was able to download seven million transaction details of Venmo users over a period of six months.

None of the two data breaches were done by black hat hackers. Rather, the breaches were carried out by ethical, or “white hat” hackers, in order to warn the company of underlying security issues.

The amount of data scraped through hacking Venmo calls attention to how easy it is to obtain transaction data of Venmo users. It also serves as a reflection of the minimal efforts that the company has made towards data privacy since the first hack.

Is Venmo Unconcerned?

The Venmo app today comes with a default setting that makes all transaction data publicly available. After the data scraping of over 207 million, Venmo did take a step to redefine some of its privacy guidelines. Soon after, however, when users started to switch their privacy settings from public to private, the company removed a warning from its app that prompted users to do so.

What makes the public availability of Venmo’s transaction data worth the concern is that it clearly indicates the parties between whom the transaction has been done. It also sometimes prompts the purpose of the transaction.

Blockchain: Public Yet Secure Alternative to Venmo

If you compare the public availability of Venmo’s transaction data with that of blockchain transaction data, the one major difference is that the identity of the peers and purpose of the transactions is not compromised in the case of blockchain.

It is actually the one most talked about feature of blockchain that all transactions on it are anonymous, and it’s next to impossible for anyone to scrape the data to find the people behind the transactions.

Should Venmo consider using the blockchain technology for storing its transaction data? Let us know your thoughts in the comments below.


All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.
Share Article

Born and brought up in India, Mohammad Musharraf is a civil engineer who discovered his love for writing, and blockchain and cryptocurrency technology during his college years. He now works as a freelance crypto journalist and also aids businesses come up with relevant and interesting B2B and B2C content.

Follow Author

Daily signals, Bitcoin analytics and traders chat. Join our Telegram today!

Let’s Go

A step-by-step guide how to trade Bitcoin profitably

Learn now