A computer science student scraped seven million Venmo transactions to warn users that their public activity can still be stolen.
Dan Salmon said he scraped the transactions over the course of six months to prove to users that they need to set their Venmo payments to private. Venmo payments between users are set to public by default.
The move comes a year after privacy researcher Hang Do Thi Duc downloaded 207 million Venmo transactions to prove a similar point.
“There’s truly no reason to have this API open to unauthenticated requests,” Salmon told reporters. “The API only exists to provide like a scrolling feed of public transactions for the home page of the app, but if that’s your goal then you should require a token with each request to verify that the user is logged in.”