Whisper: Secret-sharing app exposes fetishes and other intimate details of nearly one billion people

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

Private details of around 900 million people have been exposed after an online database containing information of Whisper app users was left online without password protection.

Whisper's core focus is to allow users to anonymously share secrets and has around 30 million monthly active users. Since it was launched in 2012, people have used it to post confessions and discuss private matters like sexuality, unwanted pregnancies and domestic abuse.

The database contained compromising user details that could potentially be used to identify the person behind a post, including their nickname, location, age, gender, ethnicity and sexual orientation.

It was discovered following an investigation by The Washington Post, with researchers warning that the information could lead to users being blackmailed due to the sensitive nature of the data.

One confession linked to an exposed account stated: "My son was conceived at a time when I cheated on his father."

The information was not password protected, with Whisper claiming that it was "not designed to be queried directly". The database has since been taken down.

Cyber security experts warned that the data breach could have implications far beyond the initial breach, with criminals potentially able to exploit the exposed data to carry out further attacks.

"If companies are still leaving data online, unprotected without a password, they should face the consequences of their actions. Sensitive information should be considered their most valuable asset and requires constant monitoring for its security," said Jake Moore, a security specialist at ESET.

"Such information as 'nickname' could even pose a risk with answering basic 'forgotten password' security questions, should criminals want to gain access to accounts when requesting new passwords."

Whisper did not immediately respond to a request for comment from The Independent.

It is not the first time the app has been caught up in a privacy scandal. A 2014 report by The Guardian claimed that Whisper was tracking the location of users, regardless of whether or not they opted out of sharing their location data.