Whisper app leaked deeply personal information of millions of users

Whisper, a free social media app that allows users to post and share photos and video messages anonymously, recently exposed the personal information of millions of users via an unsecured database.

An investigation by The Washington Post has revealed that an unsecured database associated with Whisper contained up to 900 million data records including information like gender, ethnicity, sexual orientation, nickname, place of work and the location of a large number of users. Since the database was not protected by any password, it was accessible to anyone with an Internet connection.

According to researchers at Twelve Security who spoke to The Washington Post, though the application did not store real names of its users, information stored in the database could be used to identify individuals and blackmail them. Data belonging to minors could also have been exposed via the unsecured database as researchers found more than 1.3 million Whisper users who were below the age of fifteen.

In the past, Whisper came to the limelight in 2014 for collecting location data on its users, even if they had opted out. The company, however, said that they don’t follow or track its users and that the database isn’t publicly available. The first version of the application was launched in 2012 and its still unclear exactly how long this database was exposed publicly.

Data records stored by Whisper could be used to blackmail families

Lauren Jamar, the vice president of content and safety at Whisper’s parent company, MediaLab, said that the company strongly disputed the findings of The Washington Post. The posts and their ties to locations, ages and other data, she said, represented “a consumer facing feature of the application which users can choose to share or not share.”

Kyle Olbert, a human rights activist and researcher said: “The big issue here is that they have exposed their users’ data en masse. This is the difference between a user handing you their business card and Whisper leaking an entire phone book. This is the most intimate data laid bare in a massive unprotected database for the entire world to see.

"Whisper promotes itself as “the largest online platform where people share real thoughts and feelings … without identities or profiles,” had confessions like “My son was conceived at a time when I cheated on his father … I just hope he will never find out,” and “My Parents Sent Me to Boarding School Because I Got Pregnant”.

"Apart from the invasion of privacy, this data can be used to expose and blackmail members of vulnerable minority groups based on their sexual orientation, religion, ethnicity or health status. No matter what happens from here on out, the data has been exposed for years, People could have their lives ruined and their families blackmailed because of this.” Olbert added.

ALSO READ: Unsecured MongoDB database exposed personal data of 8m UK shoppers

MORE ABOUT: ,