- Twitter just launched its ‘Hide Replies’ feature 5 Years Ago
- How to turn off image metadata before it snitches on you 5 Years Ago
- The ‘Breaking Bad’ movie is coming to theaters—for one weekend only Today 1:04 PM
- Teens recorded, shared videos of mall fight that ended in fatal stabbing Today 12:44 PM
- How to stream Giants vs. Buccaneers in Week 3 Today 12:31 PM
- Report: Ben Carson made transphobic comments at HUD meeting Today 12:30 PM
- Where to buy the Switch Lite and everything else you need to know Today 12:28 PM
- Facebook is experimenting with apps targeting teens Today 12:21 PM
- #LiveFromTheArea51Raid: Memes and highlights from the desert Today 12:06 PM
- Ready for Dark Mode? Here’s how to get it, and everything else in iOS 13 Today 11:41 AM
- Students across the world are walking out to protest inaction on climate change Today 11:08 AM
- YouTubers are exploiting Area 51 mania for content Today 10:29 AM
- Veterans confront Dan Crenshaw over his support for Trump Today 10:29 AM
- Google Maps may soon come with an Incognito Mode Today 10:13 AM
- Right-wing Beto O’Rourke ‘pissy pants’ meme actually features indie rock star Today 10:11 AM
Hacks make Secret not so secret
Welcome to the internet, nothing is safe here.
If you’re still operating under the misguided assumption that particular things you say or do on the Internet are private, pay attention. In all likelihood, nothing of yours that exists online, in your inbox, or on your apps is actually safe from prying eyes—and that includes anything you’ve shared to Secret.
Secret, a misleadingly named anonymish (yeah, we said it) social platform, is vulnerable to hacks just like everything else in the universe. As Kevin Poulsen reports for Wired, the app was recently vulnerable to an incredibly obvious hack, demonstrated by Bryan Seely and Benjamin Caudill, white-hat hackers with Rhino Labs. When you sign up, Secret populates your customized Secret world using email addresses and phone numbers stored locally on your phone. You have to have seven friends on Secret to make the app show you posts by your friends—a built-in safeguard so users can’t immediately figure out who is sharing what.
To make the hack work, you needed to delete all contact information from your device, leaving only the the email address of your target and the email address of six more bogus Secret accounts (which you’d create and register for this purpose). Open the app and voilà: You’d see only secrets shared by your target. Supposedly, accounts using Facebook to sign up weren’t vulnerable to the attack, though we’re not sure how that would break down if you messed around with those useless email addresses that Facebook hands out to every user.
Given the hack’s simplicity, and the high-stakes content shared on Secret—Silicon Valley scandals, infidelity, strange sexual predilections… you name it—it’s actually a wonder no one outed any sensitive secrets that way.
Secret CEO David Byttow told Wired his company has confirmed and blocked the attack, which is one of 42 security holes blocked since February. “As near as we can tell this hasn’t been exploited in any meaningful way,” he said. “But we have to take action to determine that.”
If anything, the hack is a useful reminder that nothing is as private as it appears—even stuff you confide in an app bold enough to call itself Secret.
Taylor Hatmaker has reported on the tech industry for nearly a decade, covering privacy and government. Most recently, she was the Debug editor of the Daily Dot. Prior to that, she was a staff writer and deputy editor at ReadWrite, a tech and business reporter for Yahoo News, and the senior editor of Tecca. Her editorial interests include censorship, digital activism, LGBTQ issues, and futurist consumer tech.