Be Careful What You Post on Secret - It's Been Hacked

Apparently 'anonymous' is not the same as 'untraceable', according to Secret Chief

Head Image
© 2017 Miguel Pires da Rosa Flickr

Let's just hope that you weren't the person that posted on Secret, "I have a college degree, but it still takes me multiple attempts to remember which is my right and left hand." Why? Because it has now emerged that Secret app is not as anonymous as was first thought. 

The Washington Post reported this week that a pair of 'white-hat hackers' (hackers who consider themselves ethical) Benjamin Caudill and Bryan Seely have been able to isolate and identify the names of people behind the supposedly untrackable posts on Secret by using personal e-mail addresses. 

Quite simply, Caudill and Seely set up a number of dummy accounts and were able to identify the authors of certain posts by an algebraic process of elimination. 

Caudill told the Washington Post, "we were able to manipulate the process of adding friends to the app and replace real ‘friends’ with dummy accounts we created, causing the application to believe we have a large group of friends and that any one friends’ secret would be anonymous. In actuality, only one real person was added – the victim – so any secrets from friends would be identified as theirs."

“The thing we try to help people acknowledge is that anonymous doesn’t mean untraceable"

David Byttow, the company's chief executive, was forced to respond. He admitted to Wired that anonymity is not guaranteed.

“The thing we try to help people acknowledge is that anonymous doesn’t mean untraceable,..we do not say that you will be completely safe at all times and be completely anonymous.”

Cheers for that David. I'm sure the user who posted "I wanted a kitten. My husbands allergic. I secretly drug him with antihistamines every morning" is now calmly thinking, "good to know."

It's not the first time Secret has encountered problems. In fact, the Secret team fixed 42 security problems noticed by more than 30 white-hat hackers since it launched. The question now is will the confessional app that depends so much on the trust of people survive this PR disaster?