Venmo privacy finally being fixed eight years after ‘alarming’ fails
Problems with Venmo privacy were first highlighted way back in 2018. A security researcher demonstrated how the API could be used to obtain an alarming amount of personal data about users of the digital cash app.
A related vulnerability was still in place in 2024 when it was used to highlight potentially embarrassing information about JD Vance. A new report says that the company is very belatedly fixing the problem …
The problem has been that both Venmo transactions and the messages which accompany them have been public by default, along with your contacts in the app. A security researcher who analyzed more than 200 million transactions gave five illustrative stories about the embarrassing level of information revealed.
This included the transactions of a cannabis dealer, and a couple seemingly living a soap-opera relationship.
“Please leave me alone,” said the woman, who Do Thi Duc refers to as Susana.
“I just love you. I’m sad that you don’t understand,” replies the man.
In a later exchange, he says: “It’s pretty damn clear that you were using me all along. Took me a while to figure that out.” The next morning, he’s repentant. “I’m sorry. I take everything I said back.”
Venmo did later offer the opportunity to keep your contacts private, but this still wasn’t set as the default. That saw the issue hit the news again in 2024 when it revealed a contradiction between JD Vance’s claimed scorn for the elite with his own extensive network of contacts.
[His] public Venmo account gives an unfiltered glimpse into his extensive network of connections with establishment GOP heavyweights, wealthy financiers, technology executives, the prestige press, and fellow graduates of Yale Law School—precisely the elites he rails against.
Venmo privacy finally being fixed
Parent company PayPal claimed at the time that this was a feature rather than a bug, and declined to fix it. However, the company finally seems to have had a change of heart, telling The Verge that it is changing the default privacy settings.
Venmo is starting to test a big redesign of its app, and as part of the changes, it will be implementing a major new privacy measure: the onboarding process for new users will set their posts to only be viewable by their friends by default instead of being public.
The default setting will be friends, but you can change it to “just me.” It’s still not clear whether or not contacts will be publicly viewable by default.
The piece says that the new app will roll out over the next few weeks.
- Official Apple Store on Amazon
- Apple’s iPhone cases: iPhone 17 | iPhone 17 Pro and Pro Max | iPhone Air
- Wireless CarPlay adapter (2026 update)
- AirTag holders and accessories
- Mac Pro-style Mac mini casing
- NordVPN – privacy-first VPN with no logs and independent audits to verify
Image: 9to5Mac/Venmo/Sincerely Media
