Venmo is using a service that intercepts your banking credentials
One of my friends recently purchased a piano keyboard from me, and sent me the money via Venmo. I’ve had a Venmo account for a while, but have never received payment before.
Venmo uses a third party service called Plaid, which enables you to validate your bank account and send money through it.
The popup dialog appeared to be from Chase:
It looked fishy to me, so I inspected the source. The reset password points to chase, but the form itself does not. I looked at the network request and confirmed that username and password are being sent directly to Plaid, not your bank:
When I provided incorrect credentials, Chrome displayed a data breach error suggesting I change my password:
I am definitely not ok with a service that tries to dupe me into thinking I’m signing into my bank and intercepts my username and password.
You probably shouldn’t be either.