Whisper: Secret-sharing app exposes fetishes and other intimate details of nearly one billion people

One confession states: 'My son was conceived at a time when I cheated on his father'

Anthony Cuthbertson
Thursday 12 March 2020 07:44
Comments
Whisper app breach exposed the data of millions of users
Whisper app breach exposed the data of millions of users

Private details of around 900 million people have been exposed after an online database containing information of Whisper app users was left online without password protection.

Whisper's core focus is to allow users to anonymously share secrets and has around 30 million monthly active users. Since it was launched in 2012, people have used it to post confessions and discuss private matters like sexuality, unwanted pregnancies and domestic abuse.

The database contained compromising user details that could potentially be used to identify the person behind a post, including their nickname, location, age, gender, ethnicity and sexual orientation.

It was discovered following an investigation by The Washington Post, with researchers warning that the information could lead to users being blackmailed due to the sensitive nature of the data.

One confession linked to an exposed account stated: "My son was conceived at a time when I cheated on his father."

The information was not password protected, with Whisper claiming that it was "not designed to be queried directly". The database has since been taken down.

Cyber security experts warned that the data breach could have implications far beyond the initial breach, with criminals potentially able to exploit the exposed data to carry out further attacks.

"If companies are still leaving data online, unprotected without a password, they should face the consequences of their actions. Sensitive information should be considered their most valuable asset and requires constant monitoring for its security," said Jake Moore, a security specialist at ESET.

"Such information as 'nickname' could even pose a risk with answering basic 'forgotten password' security questions, should criminals want to gain access to accounts when requesting new passwords."

Whisper did not immediately respond to a request for comment from The Independent.

It is not the first time the app has been caught up in a privacy scandal. A 2014 report by The Guardian claimed that Whisper was tracking the location of users, regardless of whether or not they opted out of sharing their location data.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
Opt-out-policy
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

By clicking ‘Create my account’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in