An investigation by researchers revealed the leakage of user data from the famous secret-sharing app Whisper on to the web via an unprotected database.
The secret-sharing app Whisper has left years of personal and intimate confessions of people out in the open on a non-password protected database.
Whisper is an app where people can share their secrets, confessions and other personal information with strangers under an anonymous identity via "Whispers". The app claimed to be the “safest place on the Internet”. This leakage of data on the Web is tied to a person’s age, location and other details, raising alarm among cybersecurity researchers that users could have been unmasked or blackmailed.
The data exposure, discovered by independent researchers and shown to The Washington Post, allowed anyone to access all of the location data and other information tied to anonymous “whispers” posted to the popular social app, which has claimed hundreds of millions of users.
It was also found that the data could be downloaded in bulk. The data also held the location coordinates of the users’ last submitted post, many of which pointed back to specific schools, workplaces and residential neighbourhoods.
Early Tuesday, the company said in a statement that much of the data was meant to be public to users from within the Whisper app. The database found by the researchers, however, was “not designed to be queried directly,” a company official said.
The exposed records did not include real names but did include a user’s stated age, ethnicity, gender, hometown, nickname and any membership in groups, many of which are devoted to sexual confessions and discussion of sexual orientation and desires.
This breach has also put the protection of children online as well as 1.3million users were listed as 15-year old’s. The data downloaded can be combined with other sensitive data sets which poses a huge threat to the user’s privacy. The researchers alerted the company and the law enforcement officials to the exposure. Shortly after researchers and The Post contacted the company on Monday, access to the data was removed.
This very worrying for users around the globe with their personal information being out in the open and this is clearly a breach of privacy.
You might like this