Whisper is a social media platform and app thats core focus is to allow its users to anonymously share secrets, often intimate in nature, and chat to people with shared interests.An investigation by The Washington Post, however, has revealed that Whisper left the information of nearly 900 million users exposed to anyone that wanted to view it, located in a database that wasnt password protected and was accessible by the public.The database contained a variety of compromising user details that are tied to each whisper (the platforms name for a post), including sexual orientation, gender, age, ethnicity, nickname, place of work and the location data for the users last post.While the database didnt contain the real names of any users, the researchers that uncovered it were concerned that the amount of information included could have lead to individuals being uncovered, and even blackmailed given the private nature of the platform.Obviously this is concerning for any user, but its especially troubling considering Whisper allows any user over the age of 13 to sign up.
A reporter with the Post found 1.3 million results when searching the database for users that had listed their age as being 15.Immediately after the researchers had alerted both the company and law enforcement to the database, access to it was blocked.
In response, a representative of Whisper told the Post that the extra data tied to posts was a consumer facing feature of the application which users can choose to share or not share.After being found to collect location data on its users in 2014, even if theyd opted out, Whisper stated that it doesnt follow or track its users and that its database isnt accessible to the public.
The app first launched in 2012 but its unclear exactly how many years this database has been exposed to the public for.