LOS ANGELES, Calif. — Venmo might have started out as an easy way to split a bill among friends, but a new study warns it’s now a way to find people’s personal data online. Researchers from the University of Southern California found that almost 40 percent of Venmo users overshare personal information on the app.
This personal information ranged from a consumer’s political affiliation to their email addresses, to bank accounts and website passwords.
What is Venmo?
Venmo is a peer-to-peer (P2P) payment app which allows people to quickly exchange money directly. Venmo transactions also allow users to send a message about the payment.
If your settings are not set to private, anyone with the app can see what the payment is for and how much you are sending. The research team looked over 389 million public Venmo transaction messages from 2012 to 2020. They found nearly two in five users publicly shared at least one message containing personal information. More than 10 percent exposed sensitive information such as health conditions, political party preference, and drug use.
Examples of these Venmo messages included:
- “Sexual pleasures”
- “for aids treatment. Get well soon”
- “Lesbian Activities”
- “Bush did 9/11”
- “weed and other very bad drugs”
- “[Name] man, thank you 4 everything. The password to my Bank account is [Password.] take what you want”
- “Call me [Phone number]”
- “Send it to my PayPal [Email address].”
AI can figure out what you’re doing on Venmo
The researchers also looked at the privacy risks for groups and organizations that collect membership dues on Venmo. Having messages from Alcoholics Anonymous (AA) or gambling groups go public could inadvertently expose their members. Machine learning software — a form of artificial intelligence (AI) — was able to recognize keywords in specific AA phrases such as the “7th tradition” from the high number of payments the app received at once from its users. Using the public messages helped researchers track down who was a member and how they were connected to the organization.
“I was a little shocked by what we found, details about user payments from everything from birthday cupcakes to AA membership,” says Jelena Mirkovic, a research associate professor at the USC Viterbi School of Engineering and project leader at the USC Information Sciences Institute, in a university release. “I was thinking, I bet these people don’t know that anyone can see these messages.”
“There are risks to oversharing. If you share something that’s sensitive, like ‘Here’s money for drugs or drinks’ or ‘It was a great party in Vegas,’ that can have implications later on. For instance, it could affect your job prospects,” the researcher adds.
Some users try to find other ways of staying private
Additionally, study authors fear people who are domestic abuse victims could be exposed and have their activities tracked through their messages.
Fortunately, the team noticed more users are switching their settings to private mode. In 2013, only 25 percent had a private Venmo profile. Five years later, that number rose to 37 percent.
One in four Venmo users refuse to make their accounts private and instead send cryptic messages such as emojis or random numbers when sending payments. While this does provide a modicum of protection, the study suggests it’s not fully protective.
“There’s no real benefit in going public on Venmo,” Mirkovic says. “Users should make everything private, including their list of friends.”
Bottom line: what happens on Venmo doesn’t always stay on Venmo.
The study is published in the journal Proceedings on Privacy Enhancing Technologies.