Secret Reacts To Security Breach
Loophole Allows Friends To See Your Deepest Darkest Secrets
You know that friend who always tells you that they can keep a secret, until you realise that they’ve been telling you everyone else’s? The kind of things that people confide in confessional app Secret range from admissions of affairs to declarations of love for pets, all wholly anonymously – or at least so they thought.
The company has been forced to overhaul its security procedures after white-hat hacking company Rhino Security Labs alerted those in charge of a loophole in the app’s system which made it possible to identify what a specific friend had posted on the app.
The ‘hack’ was hardly even that. When you install Secret, the app pulls info from your contacts list and Facebook to create a list of your ‘friends’ in the app. To maintain anonymity, you won’t see any of these friends’ secrets until you have at least ten. What Rhino Security did was create a new Secret account along with ten dummy email addresses, then add the person they wanted to follow as a friend. Since the app didn’t realise that ten of Rhino’s ‘friends’ were fake, it would show you secrets posted by the real person you added. With a little automation, the company was able to spy on the secrets of as many people as they wanted.
The fault is more embarrassing than dangerous; users are more likely to be exposed for hating their mother-in-law than have their bank account details stolen. Nonetheless, it’s yet another reminder (if one were needed) that even those aspects of social media based entirely around the concept of anonymity have the potential to blow up in your face.
Secret is often simplistically seen as Whisper’s less successful cousin, but it’s had no small amount of achievement: although it can only boast users in the single-digit millions (in an era when apps can hit hundreds of millions of downloads in a week), it has reportedly reached a $100 million valuation in nine months of active operation. It has an engaged and active user base, despite the low numbers, which can be more useful than a sprawling but largely unengaged population.
The site has also had issues with cyberbullying. It has implemented recent updates to detect when real names and pictures of people are being used; the app’s ‘friends’ feature means that secrets can be tailored so that their true intent is clear to a desired audience – something the developers have worked to combat. They’ve particularly tried to reverse the negative public perception of the app following an accusation by mental health campaigner Christine Lu that executives at the company were “too busy raising money to care” about the warnings she gave them about potential dangers of the service.
In addition, one secret published on the app revealed that the app’s founders had sold $4.5 million of their own stock in the company six months after its inception. While this is clearly not a great show of confidence, as one reply pointed out: ‘Cmon, they would have been stupid not to. This thing doesn’t have any monetization potential’. Perhaps not, but their swift wholesale response to this security breach suggests that they are intent on keeping Secret a going concern for the foreseeable future.
Douglas is an English Literature graduate who has written about everything from music to food to theatre, now a content creator for Social Media Frontiers. No topic too large or too small. Follow him @DouglasAtSMF.
Contact us on Twitter, on Facebook, or leave your comments below. To find out about social media training or management why not take a look at our website for more info http://socialmediacambridge.co.uk/.
Secret Reacts To Security Breach
Reviewed by Anonymous
on
Tuesday, September 02, 2014
Rating: