Secret-sharing app `Whisper' left users’ data exposed on the Web

Hemani Sheth Mumbai | Updated on March 11, 2020

A representative image   -  istock

The app has exposed around 900 million user records dating all the way back to 2012 up till 2020.


A popular secret-sharing app Whisper, that called itself the “safest place on the Internet,” has left years of users’ data including intimate confessions exposed to users on the Web according to a Washington Post report.

The app has exposed user data including their age, location and other details, raising alarms among cybersecurity experts raising the question of privacy. The app allowed access to all the data and information tied to the anonymous confessions on the app to anyone on the internet.

Researchers were able to view data of millions of users on a non-password-protected database open to the public, the report said. A search for data of users aged 15 returned 1.3 million results, it further said.

Cybersecurity researchers Matthew Porter and Dan Ehrlich, who lead the advisory group Twelve Security were able to access approximately 900 million user records dating all the way back to 2012 up till 2020.

The incident was alarming as user data included intimate confessions from minors. The data leaked indicated the user’s stated age, ethnicity, gender, hometown, nickname and group memberships. The app had discussions regarding faith and sexual orientation, as well. The LGBTQ and Faith categories within the app are full of posts that discuss religious beliefs or sexuality in the open as Whisper claimed to offer an anonymous escape for the community, The Verge reported.


Apart from this, the app's new ability to search by location was also concerning. The data retrieved by researchers also included the location coordinates from where the user had last submitted their post. A lot of these coordinates pointed to specific schools, workplaces and residential neighbourhoods. The data also showed entries from locations in military bases. This could lead to users being tracked and blackmailed according to experts, the Post reported.

The researchers alerted the law enforcement post this discovery. Public access to the data was removed by Media Lab, Whisper’s parent company later as per the report.

The company released an official statement in which it had said that the majority of the data was meant to be public to users from within the Whisper app and was not designed to be found directly.

Published on March 11, 2020

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

This article is closed for comments.
Please Email the Editor

You May Also Like