SAN FRANCISCO (CBS SF) — Users of the popular anonymous social media app Secret have been offering random confessions to their friends with the understanding that they won’t know who it is, a premise that was  shattered by hackers who demonstrated that Secret is not secret.

Benjamin Caudill and Bryan Seely, executives with Rhino Security Labs of Seattle, hacked into the app to demonstrate to San Francisco-based Secret the vulnerability in the program and in hopes of qualifying for Secret’s ‘bug bounty” program, according to Wired.

Secret shows a stream of posts from people in their contact lists and friends of those contacts. Caudill and Seely showed that by creating a number a Secret account populated by fake friend accounts along with one real friend, the real person would be identified whenever they posted.

Instead of trying to capitalize on the vulnerability, Caudill tweeted Secret’s co-founder Chrys Bader to alert him of the bug, which led to a meeting between Caudill and Byttow, Forbes magazine reported.

Secret claims is has since installed a patch to prevent anyone else from repeating the same hack.

“As near as we can tell this hasn’t been exploited in any meaningful way,” Secret CEO David Byttow told Wired. “But we have to take action to determine that.”

According to Wired, since Secret instituted the bug bounty program in February, the company has closed dozens of security holes identified by so-called “white hat” hackers.

Meanwhile, Secret also announced Friday it was cracking down on bullying by enabling what is known as sentiment analysis or opinion mining to flag harassing comments, along monitoring the comments that are flagged.



Leave a Reply

Please log in using one of these methods to post your comment:

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Watch & Listen LIVE