Anonymous confessions posted on a popular app called “Secret” were susceptible to being exposed via a hack. The attack, detailed Friday by Wired, was discovered by white hat hacker Ben Caudill, who disclosed the vulnerability to the app maker under its bug bounty program.
Caudill revealed that if a user follows at least seven friends on the app, the hack is possible – and proved it by using one willing user, Wired contributing editor Kevin Poulsen, as an example.
After creating fake accounts and adding Poulsen as a contact, Caudill needed only his target's email address to peg him as the owner of posted “secrets.”
In order to pinpoint the poster, Caudill first wiped his iPhone's contact list. From there, it was a cinch to spot posts not originating from the fake accounts. Secret has since blocked the attack, Wired confirmed.