From Bleeping Computer:
The vast majority of Venmo transactions are being logged in a public API accessible to anyone, according to the recent investigation of a privacy advocate.
The reason this happens is because the Venmo app’s default settings are set to “Public” for all users.
Unless users specifically change this value, all the transactions they make via the Venmo money-sending app are logged and made available to anyone via the Venmo public API.
This was the finding of a Berlin-based researcher, Hang Do Thi Duc, who analysed the more than 200 million public Venmo transactions made in 2017. Her aim was to highlight the privacy risk from using a seemingly innocuous peer-to-peer app.
Do Thi Duc showcases the level of personal data exposed through Venmo through her project website “Public by Default”, named because when anyone makes a payment through the app, it is public unless that person has locked down their privacy settings. Here she has honed in on five individual users, including a man who sells cannabis in Santa Barbara and a pair of lovers who pass money between each other accompanied by flirting, arguing, apologies and threats.