Whenever a website or app is hacked, users can become concerned about the general security of the program in question. But when someone is able to hack into user information simply by searching email addresses and phone numbers, that concern turns into a giant red flag.
And that's exactly what users of Secret are now feeling, as it's the latest app to fail in its promise of anonymity.
Looking to avoid all possible security holes, Secret CEO David Byttow created a HackerOne bounty program, which rewards hackers who identify and report flaws in Secret's privacy system. Ben Caudill, co-founder of Rhino Security Labs, not only outed a friend's secret on the app, but he unveiled one of Byttow's secrets, too.
Byttow told WIRED the app has blocked the hack, and he and his team are holding post-mortem discussions on how they can prevent future instances. "As near as we can tell this hasn't been exploited in any meaningful way. But we have to take action to determine that," Byttow said. But Secret users may be uneasy to learn that, since the bounty program's launch in February, hackers have discovered 42 security lapses.
Still, Byttow isn't worried. "As hackers disclose these kinds of vulnerabilities through our HackerOne bounty, we just make more and more advancements," he says, citing "zero public incidents with respect to security and privacy." And, though he understands users are troubled by this information, he also believes they need Secret. Without it, where would they go to share this kind of sensitive information anonymously?