Problems with Venmo Privacy was highlighted for the first time. back in 2018. A security researcher demonstrated how the API could be used to obtain an alarming amount of personal data about digital cash app users.
A related vulnerability still existed in 2024 when it was used to highlight potentially embarrassing information about JD Vance. A new report says the company is fixing the problem too late…
The problem has been that both Venmo transactions and the messages that accompany them have been public by default, along with your contacts in the app. A security researcher who analyzed more than 200 million transactions told five illustrative stories about the embarrassing level of information revealed.
This included the transactions of a cannabis dealer and a couple who were apparently in a soap opera relationship.
“Please leave me alone,” said the woman, whom Do Thi Duc refers to as Susana.
“I just love you. It makes me sad that you don’t understand,” the man responds.
In a later exchange, he says, “It’s pretty clear that you were using me the whole time. It took me a while to realize that.” The next morning, he is remorseful. “I’m sorry. I take back everything I said.”
Venmo later offered the opportunity to keep your contacts private, but this was not yet set as the default. That saw the problem go back to the news in 2024, when he revealed a contradiction between JD Vance’s supposed disdain for the elite with his own extensive network of contacts.
(His) public Venmo account offers an unfiltered view of his extensive network of connections to Republican Party heavyweights, wealthy financiers, technology executives, the prestigious press, and fellow Yale Law School graduates—precisely the elites he rails against.
Venmo privacy is finally being fixed
Parent company PayPal claimed at the time that this was a feature rather than a bug and refused to fix it. However, the company finally seems to have changed its mind, telling The edge which is changing the default privacy settings.
Venmo is starting to test a big redesign of its app, and as part of the changes, it’s implementing a major new privacy measure: The onboarding process for new users will set your posts so that only your friends can see them by default instead of being public.
The default setting will be friends, but you can change it to “just me.” It is not yet clear whether contacts will be publicly visible by default.
The article says that the new app will be launched in the coming weeks.
Image: 9to5Mac/Venmo/Sincerely media
FTC: We use automatic affiliate links that generate income. Further.
