Whisper Secret Sharing App Has its Database Publicly Exposed Since 2012

Whisper, an anonymous secret-sharing platform launched in 2012, is yet another firm found to have left its database without password protection. The database had been exposed to the public since its inception and was taken down only recently. It contained sensitive records of over 900 million users, with a significant number of accounts belonging to teenagers.

Since 2012!

Whisper gained considerable traction in its early stages, which has garnered the service hundreds of millions of subscribers to date. The service currently has 30 million monthly active users, so it remains relevant. A report by The Washington Post revealed that the platform had inadvertently exposed its entire user database, which contained sensitive information.


The database was not password protected, so anyone could search and access it online. A real-time query by The Washington Post for users under 15 years old retrieved more than 1.3 million accounts. Whisper is actively used by teenagers and underage users. Further analysis of the type of content being shared revealed children under 18 sharing confessions about their sexual encounters and orientations.

It’s not just the content that is sensitive, but the leaked data too. The exposed database held information such as in-app nickname, group memberships, location, age, residential address, and ethnicity. It’s a relief that Whisper doesn’t recommend that users set real names, so that they remain anonymous when sharing content. Still, if the exposed information falls into the wrong hands, it can be used for identity theft.

Whisper’s reaction

The database was taken down immediately after The Washington Post informed the parent company, MediaLab. Though it was a mistake, MediaLab argued that the information was meant to be public-facing, as it was more like an in-app feature provided to users. Later, it admitted that the database was not designed to be queried publicly, and so it was taken down immediately.

Via: The Verge
