
Hackers Have Found 42 Security Holes In Anonymous App Secret, Including A Way To Reveal A Specific Friend's Posts

Aug 22, 2014, 21:51 IST

Flickr / Fabiano Kai

Hackers have revealed 42 security holes in Secret, the popular anonymous sharing app with the tagline "Speak freely," since February.


Reporter Kevin Poulsen revealed the startlingly high number in a Wired piece in which Secret CEO David Byttow acknowledged that the app doesn't guarantee that users are completely anonymous at all times.

In February, Byttow and his team instituted a way for hackers to submit bugs or security issues, and 38 people have helped close 42 bugs. We don't know how many of those holes involved allowing a hacker to find out who posted which secrets, but the site does say that "issues that may threaten an individual's anonymity are taken most seriously."

In his piece, Poulsen highlights a recently fixed hack that would let a user find out all the secrets that someone shared on the app:

Secret pulls in information from your contact list, so you only see posts from your friends, or from friends of friends. So, if you delete your real contact list, make a bunch of dummy Secret accounts, add the email addresses you used to make them to your blank contact list, then add someone's real email address to your contact list, the only real posts you'd see from "friends" in your Secret feed would expose the poster. Voilà: You know all that one friend's secrets.
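The flaw described above comes down to the size of the set of people who could have written a "friend" post. The sketch below is an added example, not Secret's code or its actual fix: it models a contact-based feed and a guard that withholds friend posts when too few contacts could be the author. The account model, the threshold of 3 and all sample addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

MIN_CANDIDATE_AUTHORS = 3  # assumed threshold, not a value from the article

@dataclass
class Account:
    email: str
    contacts: set = field(default_factory=set)  # emails from the uploaded contact list
    posts: list = field(default_factory=list)   # texts this account has posted

def candidate_authors(viewer, accounts):
    """Registered contacts of the viewer who have posted at least once."""
    return {e for e in viewer.contacts
            if e in accounts and e != viewer.email and accounts[e].posts}

def naive_friend_feed(viewer, accounts):
    """Behaviour described in the article: show every post from any contact."""
    return [p for e in sorted(viewer.contacts) if e in accounts
            for p in accounts[e].posts]

def guarded_friend_feed(viewer, accounts, k=MIN_CANDIDATE_AUTHORS):
    """Withhold friend posts when fewer than k contacts could have written them."""
    if len(candidate_authors(viewer, accounts)) < k:
        return []
    return naive_friend_feed(viewer, accounts)

def build_sample():
    """Constructed data: one viewer with silent dummy contacts, one ordinary viewer."""
    accounts = {
        "target@example.com": Account("target@example.com", posts=["secret A", "secret B"]),
        "friend1@example.com": Account("friend1@example.com", posts=["secret C"]),
        "friend2@example.com": Account("friend2@example.com", posts=["secret D"]),
    }
    dummies = {f"dummy{i}@example.com" for i in range(3)}
    for e in dummies:
        accounts[e] = Account(e)  # registered but never post
    probe = Account("probe@example.com", contacts=dummies | {"target@example.com"})
    normal = Account("normal@example.com", contacts={
        "target@example.com", "friend1@example.com", "friend2@example.com"})
    accounts[probe.email] = probe
    accounts[normal.email] = normal
    return accounts, probe, normal

if __name__ == "__main__":
    accounts, probe, normal = build_sample()
    print("naive, probe  :", naive_friend_feed(probe, accounts))
    print("guarded, probe:", guarded_friend_feed(probe, accounts))
    print("guarded, normal:", guarded_friend_feed(normal, accounts))
```

Counting contacts that have posted is a simplification; a real service would need a stronger signal that the candidates are independent people.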


While the high number of discovered vulnerabilities might seem alarming to people who post lots of secrets that they hope will remain, well, secret, Byttow looks at it optimistically.

"As hackers disclose these kinds of vulnerabilities through our HackerOne bounty, we just make more and more advancements," Byttow told Poulsen. "We've had zero public incidents with respect to security and privacy. Everything has come through our bounty program."

Well-known VC Hunter Walk makes a similar case:
