Whisper: Secret-sharing app exposes fetishes and other intimate details of nearly one billion people

One confession states: 'My son was conceived at a time when I cheated on his father'

Anthony Cuthbertson
Thursday 12 March 2020 03:44 EDT
Comments
Whisper app breach exposed the data of millions of users
Whisper app breach exposed the data of millions of users (Getty Images/iStockphoto)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Private details of around 900 million people have been exposed after an online database containing information of Whisper app users was left online without password protection.

Whisper's core focus is to allow users to anonymously share secrets and has around 30 million monthly active users. Since it was launched in 2012, people have used it to post confessions and discuss private matters like sexuality, unwanted pregnancies and domestic abuse.

The database contained compromising user details that could potentially be used to identify the person behind a post, including their nickname, location, age, gender, ethnicity and sexual orientation.

It was discovered following an investigation by The Washington Post, with researchers warning that the information could lead to users being blackmailed due to the sensitive nature of the data.

One confession linked to an exposed account stated: "My son was conceived at a time when I cheated on his father."

The information was not password protected, with Whisper claiming that it was "not designed to be queried directly". The database has since been taken down.

Cyber security experts warned that the data breach could have implications far beyond the initial breach, with criminals potentially able to exploit the exposed data to carry out further attacks.

"If companies are still leaving data online, unprotected without a password, they should face the consequences of their actions. Sensitive information should be considered their most valuable asset and requires constant monitoring for its security," said Jake Moore, a security specialist at ESET.

"Such information as 'nickname' could even pose a risk with answering basic 'forgotten password' security questions, should criminals want to gain access to accounts when requesting new passwords."

Whisper did not immediately respond to a request for comment from The Independent.

It is not the first time the app has been caught up in a privacy scandal. A 2014 report by The Guardian claimed that Whisper was tracking the location of users, regardless of whether or not they opted out of sharing their location data.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in