- Trump’s transphobic policies are disgusting—but they aren’t new 5 Years Ago
- How to watch the Copa del Rey Final online for free Today 5:45 AM
- How to watch the DFB-Pokal final for free Today 5:30 AM
- Curvy Wife Guy drops music video for rap song ‘Chubby Sexy’ Friday 7:33 PM
- A ‘Black Mirror’ spinoff mini-series is coming to YouTube via Netflix Latin America Friday 5:56 PM
- Kanye West appears on David Letterman’s Netflix show to talk Trump, TMZ, and Drake Friday 3:27 PM
- QAnon believers link small-town arrest to deep state conspiracy without evidence Friday 1:58 PM
- Instagram photos showing prison conditions spark massive protest Friday 1:33 PM
- ‘Gay rat wedding’ headline sparks amazing new meme Friday 1:03 PM
- ‘I read a gossip piece’ meme mocks Moby’s Instagram post Friday 12:39 PM
- Rotten Tomatoes wants to see your ticket stub to leave a verified review Friday 11:46 AM
- ‘Sonic the Hedgehog’ movie delayed to 2020 to fix his look Friday 11:39 AM
- ‘Swamp Thing’ gets off to a promising start, but can it tell a convincing love story? Friday 11:34 AM
- ‘Falling on deaf ears’: ‘Queer Eye’ star sparks conversation about ableist idioms Friday 11:15 AM
- Parents are spending thousands on YouTube camps that teach kids how to be famous Friday 10:43 AM
Welcome to the internet, nothing is safe here.
If you’re still operating under the misguided assumption that particular things you say or do on the Internet are private, pay attention. In all likelihood, nothing of yours that exists online, in your inbox, or on your apps is actually safe from prying eyes—and that includes anything you’ve shared to Secret.
Secret, a misleadingly named anonymish (yeah, we said it) social platform, is vulnerable to hacks just like everything else in the universe. As Kevin Poulsen reports for Wired, the app was recently vulnerable to an incredibly obvious hack, demonstrated by Bryan Seely and Benjamin Caudill, white-hat hackers with Rhino Labs. When you sign up, Secret populates your customized Secret world using email addresses and phone numbers stored locally on your phone. You have to have seven friends on Secret to make the app show you posts by your friends—a built-in safeguard so users can’t immediately figure out who is sharing what.
To make the hack work, you needed to delete all contact information from your device, leaving only the the email address of your target and the email address of six more bogus Secret accounts (which you’d create and register for this purpose). Open the app and voilà: You’d see only secrets shared by your target. Supposedly, accounts using Facebook to sign up weren’t vulnerable to the attack, though we’re not sure how that would break down if you messed around with those useless email addresses that Facebook hands out to every user.
Given the hack’s simplicity, and the high-stakes content shared on Secret—Silicon Valley scandals, infidelity, strange sexual predilections… you name it—it’s actually a wonder no one outed any sensitive secrets that way.
Secret CEO David Byttow told Wired his company has confirmed and blocked the attack, which is one of 42 security holes blocked since February. “As near as we can tell this hasn’t been exploited in any meaningful way,” he said. “But we have to take action to determine that.”
If anything, the hack is a useful reminder that nothing is as private as it appears—even stuff you confide in an app bold enough to call itself Secret.
Taylor Hatmaker has reported on the tech industry for nearly a decade, covering privacy and government. Most recently, she was the Debug editor of the Daily Dot. Prior to that, she was a staff writer and deputy editor at ReadWrite, a tech and business reporter for Yahoo News, and the senior editor of Tecca. Her editorial interests include censorship, digital activism, LGBTQ issues, and futurist consumer tech.