
Hack exposes Secret app confessions

Anonymous confessions posted on a popular app, called “Secret,” were susceptible to being exposed via a hack. The attack, detailed Friday by Wired, was discovered by white hat hacker Ben Caudill, who disclosed the vulnerability to the app maker under its bug bounty program.

Caudill revealed that if a user follows at least seven friends on the app, the hack is possible – and proved it by using one willing user, Wired contributing editor Kevin Poulsen, as an example. 

After creating fake accounts and adding Poulsen as a contact, Caudill needed only his target's email address to peg him as the owner of posted “secrets.”

In order to pinpoint the poster, Caudill first wiped his iPhone's contact list. From there, it was a cinch to spot posts not originating from the fake accounts. Secret has since blocked the attack, Wired confirmed.
