Venmo has a privacy loophole that exposes any profile photos you’ve uploaded — and leaves you with no way to delete them or even view what old photos you have.
The peer-to-peer payment app, owned by PayPal, allows you to upload a new profile photo to replace your old one. Since accounts on Venmo can’t be hidden or private (only transactions can be private), anyone can see your profile photo.
Most people would assume that when they replaced their photo, the old photo is gone for good — especially since there is no way to explicitly delete it or view a gallery of past photos within the app.
That’s not true.
Instead, the older photos are still stored on Venmo’s servers and are accessible by anyone to view. It’s possible to go into the website version of Venmo and manually change an obvious part of the image URL to reveal older photos. BuzzFeed News tested this with several staffers and was able to find their old photos.
Caitlin Girouard, a spokesperson for PayPal, which owns Venmo, said: “At Venmo, the safety and privacy of our users and their information is always a top priority, which is why we’re constantly evolving and strengthening our privacy measures. Customers also have the ability to control privacy settings in the app, including choosing whether or not to upload a profile picture and the ability to change their publicly visible photo at any time.”
Other social networks like LinkedIn and Facebook have an option to delete a profile photo, and it’s not possible to easily guess the URL for other private photos. On Venmo, if you upload a profile photo, you can never go back to the default of no photo — you can only upload new photos.
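As an added illustration, not Venmo's or any other company's code, the hypothetical `ProfilePhotoStore` below implements the two properties the article credits to LinkedIn and Facebook: each photo lives under a random key that cannot be derived from an earlier one, and a replaced or removed photo is actually deleted rather than left on the server. The class name and the `img.example.invalid` host are assumptions.

```python
import secrets
from typing import Dict, Optional


class ProfilePhotoStore:
    """Hypothetical store: unguessable photo URLs, and superseded photos are deleted."""

    def __init__(self) -> None:
        self._blobs: Dict[str, bytes] = {}            # storage key -> image bytes
        self._current: Dict[str, Optional[str]] = {}  # user id -> key of current photo

    def _store(self, image: bytes) -> str:
        # 256-bit random key: knowing one photo's URL gives no hint about another's
        key = secrets.token_urlsafe(32)
        self._blobs[key] = image
        return key

    def set_photo(self, user: str, image: bytes) -> str:
        """Upload a new photo; the previous one is removed from storage, not just unlinked."""
        old = self._current.get(user)
        new_key = self._store(image)
        self._current[user] = new_key
        if old is not None:
            del self._blobs[old]
        return new_key

    def remove_photo(self, user: str) -> None:
        """Return the account to 'no photo' and delete the stored image."""
        old = self._current.pop(user, None)
        if old is not None:
            del self._blobs[old]

    def fetch(self, key: str) -> Optional[bytes]:
        # Retrieval works only with the exact random key; there is nothing to enumerate
        return self._blobs.get(key)

    def current_url(self, user: str) -> Optional[str]:
        key = self._current.get(user)
        return None if key is None else f"https://img.example.invalid/{key}"
```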
Revealing older profile photos could cause serious harm for some people. For trans people, this could reveal photos with outdated gender presentations. For victims of stalking — a group already endangered by Venmo’s lax privacy policies — this could allow stalkers to find a victim’s account even if they had changed the photo.
Venmo’s retention of old profile photos has another cause for concern: A lawsuit alleges that facial recognition company Clearview AI scraped Venmo’s profile photos to train its AI.
“Venmo’s settings and design frequently violate users’ privacy expectations, and this profile picture problem is no exception,” said Gennie Gebhart, a privacy researcher at the Electronic Frontier Foundation. “Payment apps host some of our most sensitive activity and information, and people should be able to use them without running into unpleasant surprises like this.”
It’s unlikely that many people have used this loophole. However, editing a URL in a very simple way to reveal extra photos doesn’t require any special hacking skills, and a motivated person could come across this. But social features like commenting on friends’ transactions give the illusion that Venmo has the same level of social privacy that other apps like Facebook, Instagram, or LinkedIn do. Those social networks offer the option to permanently delete a profile photo and don’t retain deleted photos on their servers.
“While this does not seem to be an intentional feature, it demonstrates that Venmo has failed to provide their users with the desired level of control over their data,” Vahid Behzadan, assistant professor of cybersecurity and networks, data science, and computer engineering at the University of New Haven, told BuzzFeed News.
Last week, BuzzFeed News revealed how easy it was to find President Joe Biden and his wife Jill’s personal accounts within minutes, after a New York Times article included a brief mention that Biden had sent money to his grandkids through Venmo.
That discovery highlighted Venmo’s privacy problems. While it’s possible to make individual transactions private, it’s not possible to make the existence of your account or your friend lists private. The public nature of the friend list of the sitting president and several of his top aides poses a serious national security issue. Both Bidens have since deleted their accounts on Venmo.