Hackers Have Found 42 Security Holes In Anonymous App Secret, Including A Way To Reveal A Specific Friend's Posts
Reporter Kevin Poulsen revealed the startlingly high number in a Wired piece in which Secret CEO David Byttow acknowledged that the app doesn't guarantee that users are completely anonymous at all times.
In February, Byttow and his team instituted a way for hackers to submit bugs or security issues, and 38 people have helped close 42 bugs. We don't how many of those holes involved allowing a hacker to find out who posted which secrets, but the site does say that "issues that may threaten an individual's anonymity are taken most seriously."
In his piece, Poulsen highlights a recently fixed hack that would let a user find out all the secrets that someone shared on the app:
Secret pulls in information from your contact list, so you only see posts from your friends, or from friends of friends. So, if you delete your real contact list, make a bunch of dummy Secret accounts, add the email addresses you used to make them to your blank contact list, then added someone's real email address to your contact list, the only real posts you'd see from "friends" in your Secret feed would expose the poster. Viola: You know all that one friend's secrets.
While the high number of discovered vulnerabilities might seem alarming to people who post lots of secrets that they hope will remain, well, secret, Byttow looks at it optimistically.
"As hackers disclose these kinds of vulnerabilities through our HackerOne bounty, we just make more and more advancements," Byttow told Poulsen. "We've had zero public incidents with respect to security and privacy. Everything has come through our bounty program."
Well-known VC Hunter Walk makes a similar case:
Hate Secret & you see today's security hole as validation. Love Secret & it's proof they take your privacy seriously. #EyeOfBeholder
- Hunter Walk (@hunterwalk) August 22, 2014
Next Story
I spent $2,000 for 7 nights in a 179-square-foot room on one of the world's largest cruise ships. Take a look inside my cabin.
Colon cancer rates are rising in young people. If you have two symptoms you should get a colonoscopy, a GI oncologist says.
Saudi Arabia wants China to help fund its struggling $500 billion Neom megaproject. Investors may not be too excited.
Catan adds climate change to the latest edition of the world-famous board game
Tired of blatant misinformation in the media? This video game can help you and your family fight fake news!
Tired of blatant misinformation in the media? This video game can help you and your family fight fake news!
JNK India IPO allotment – How to check allotment, GMP, listing date and more
Indian Army unveils selfie point at Hombotingla Pass ahead of 25th anniversary of Kargil Vijay Diwas
