- Twitter lifts ‘permanent’ suspension of activist Barrett Brown Monday 5:52 PM
- Billie Eilish fans fend off objectifying comments on tank top photo Monday 5:32 PM
- Groom’s mother sabotages wedding by tricking guests into wearing jorts and hoodies Monday 4:39 PM
- No one believes Bill de Blasio’s son sent him these debate prep texts Monday 3:26 PM
- Meek Mill, Jay-Z to release ‘Free Meek’ documentary on Amazon Prime Monday 3:20 PM
- 3 ways to secure your Nest cameras Monday 3:15 PM
- This Pokémon generator site is creating hilarious monsters Monday 2:48 PM
- MrBeast impersonator tricks kid into destroying his XBox Monday 12:50 PM
- This mom has the perfect nickname for her nonbinary kid Monday 12:25 PM
- Netflix tests pop-out player that will allow viewers to multitask Monday 11:44 AM
- Man allowed to sue media publishers over readers’ Facebook comments Monday 11:42 AM
- Republicans slammed for joke about ‘heavily armed militia’ at Oregon statehouse Monday 11:30 AM
- New bill wants tech companies to tell you how much your data is worth Monday 10:53 AM
- AOC has the best response to Steve King’s ‘concentration camp’ criticism Monday 10:19 AM
- Did Jake Paul and Tana Mongeau just get engaged? Monday 9:26 AM
Welcome to the internet, nothing is safe here.
If you’re still operating under the misguided assumption that particular things you say or do on the Internet are private, pay attention. In all likelihood, nothing of yours that exists online, in your inbox, or on your apps is actually safe from prying eyes—and that includes anything you’ve shared to Secret.
Secret, a misleadingly named anonymish (yeah, we said it) social platform, is vulnerable to hacks just like everything else in the universe. As Kevin Poulsen reports for Wired, the app was recently vulnerable to an incredibly obvious hack, demonstrated by Bryan Seely and Benjamin Caudill, white-hat hackers with Rhino Labs. When you sign up, Secret populates your customized Secret world using email addresses and phone numbers stored locally on your phone. You have to have seven friends on Secret to make the app show you posts by your friends—a built-in safeguard so users can’t immediately figure out who is sharing what.
To make the hack work, you needed to delete all contact information from your device, leaving only the the email address of your target and the email address of six more bogus Secret accounts (which you’d create and register for this purpose). Open the app and voilà: You’d see only secrets shared by your target. Supposedly, accounts using Facebook to sign up weren’t vulnerable to the attack, though we’re not sure how that would break down if you messed around with those useless email addresses that Facebook hands out to every user.
Given the hack’s simplicity, and the high-stakes content shared on Secret—Silicon Valley scandals, infidelity, strange sexual predilections… you name it—it’s actually a wonder no one outed any sensitive secrets that way.
Secret CEO David Byttow told Wired his company has confirmed and blocked the attack, which is one of 42 security holes blocked since February. “As near as we can tell this hasn’t been exploited in any meaningful way,” he said. “But we have to take action to determine that.”
If anything, the hack is a useful reminder that nothing is as private as it appears—even stuff you confide in an app bold enough to call itself Secret.
Taylor Hatmaker has reported on the tech industry for nearly a decade, covering privacy and government. Most recently, she was the Debug editor of the Daily Dot. Prior to that, she was a staff writer and deputy editor at ReadWrite, a tech and business reporter for Yahoo News, and the senior editor of Tecca. Her editorial interests include censorship, digital activism, LGBTQ issues, and futurist consumer tech.