SAN FRANCISCO (CBS SF) — Users of the popular anonymous social media app Secret have been offering random confessions to their friends with the understanding that they won’t know who it is, a premise that was shattered by hackers who demonstrated that Secret is not secret.
Benjamin Caudill and Bryan Seely, executives with Rhino Security Labs of Seattle, hacked into the app to demonstrate to San Francisco-based Secret the vulnerability in the program and in hopes of qualifying for Secret’s ‘bug bounty” program, according to Wired.
Secret shows a stream of posts from people in their contact lists and friends of those contacts. Caudill and Seely showed that by creating a number a Secret account populated by fake friend accounts along with one real friend, the real person would be identified whenever they posted.
Instead of trying to capitalize on the vulnerability, Caudill tweeted Secret’s co-founder Chrys Bader to alert him of the bug, which led to a meeting between Caudill and Byttow, Forbes magazine reported.
Secret claims is has since installed a patch to prevent anyone else from repeating the same hack.
“As near as we can tell this hasn’t been exploited in any meaningful way,” Secret CEO David Byttow told Wired. “But we have to take action to determine that.”
According to Wired, since Secret instituted the bug bounty program in February, the company has closed dozens of security holes identified by so-called “white hat” hackers.
Meanwhile, Secret also announced Friday it was cracking down on bullying by enabling what is known as sentiment analysis or opinion mining to flag harassing comments, along monitoring the comments that are flagged.