Wired has reported that several government officials involved in the Signal chat exposing sensitive national security plans have also exposed their Venmo accounts by not adjusting their account privacy settings to prohibit the information from being publicly accessible. This means that they “left not only their contact lists publicly visible but also their transactions, which are as recent as last autumn. These records reveal specific information” about who they paid, how much they paid, the date of the payment, and the reason for the payment.
According to Tara Lemieux, a veteran of the U.S. intelligence community, “When you post anything in those third-party applications, and you don’t understand how that information can be shared or exploited, you are taking a risk for our nation—and that’s not acceptable.”
The risk of public officials not setting their Venmo accounts to private provides insight into their contacts and services provided to them and offers threat actors insight into strategies to use that information to commence attacks against both the contacts and the account owner.
Mike Yeagley, a specialist in commercial data and its security risks, outlines the risk: “What’s the risk of someone at the Cabinet level using Venmo to pay their personal trainer? On the surface, it doesn’t look like much. But now I know who that trainer is—or the gardener, or whoever—and suddenly I’ve expanded my ability to target by identifying the people around that official.” Threat actors use this intimate insight to gather more information to target both the official and the official’s contacts.
Not only have Trump administration officials allowed their Venmo accounts to be public, but so have members of Congress.
According to NOTUS, which first reported the ability to access government officials’ Venmo details, it “easily identified Venmo accounts tied to more than three dozen Trump administration officials and more than 50 current members of Congress. Their transactions are revealing — as are their friends lists.” All of this is quite concerning for national security. It is also a reminder to be aware of privacy settings in all applications, including Venmo. You may not want the world to see the details of who you are paying and why. If so, go to your Venmo app, make privacy choices, and confirm them in the settings. To hide your connections, go to Settings > Privacy > Friends List and select Private. You will be protecting yourself as well as your friends and family.