This week white hat hacker Ben Caudill revealed the identity of a friend in the app Secret. He did this with a simple method that allows him to identify the Secrets (generally anonymous) posted by those on his contacts list. While this may seem like a death knell for the app that prides itself on anonymity, it’s all par for the course.
Caudill is only the latest in a line of hackers to come forth to the Secret developer team with a hack of their software. They hand the hack, along with the necessary code, to the Secret dev group in exchange for reward cash.
Once the dev team behind Secret have the method, they’re able to patch it. And the security hole is fixed.
Two things you need to understand about this situation:
1. There is no app that’s 100% secure. If you’re using the internet, you’re transferring data through ways and means that have exploitable features. MOST of the time you won’t have to worry about these often-obscure hacks. But they are there.
2. This particular “hack” involved the use of multiple Secret accounts. Once Caudill had the requisite number of connections for Secret to create a group, he had only to add one email address to his contacts that wasn’t one of his own. Any secrets from that group then came from that one email address.
This hack is being fixed as we speak. It’s likely already fixed, as it were – Caudill, co-founder of security group Rhino Security Labs, and the group’s CTO Bryan Seely already turned the hack over to Secret earlier this week. No worries!