Whisper App Silently Leaked Extremely Intimate User Profiles And Location Data Online
Whisper is an app that was meant to allow users to anonymously share highly intimate details on their sexual preferences and other data without other users knowing who they really were. The app has been confirmed to have leaked personal information online that was tied to the location of the user. The leaked messages were publicly viewable until a major news outlet contacted Whisper before running a story on the breach.
Ironically, Whisper calls itself the "safest place on the Internet" and claims to have hundreds of millions of users. For years the app left intimate confessions exposed on the Web that were tied to the posters age, location, and other details. The concern for these intimate details being leaked, according to cybersecurity researchers, is that users of Whisper could have been identified or blackmailed.
The Washington Post says that the data exposure was discovered by independent researchers, which said that it allowed anyone to access all the location data and other information tied to the anonymous whispers that users shared on the app. All the records were viewable in a non-password-protected database open to the public Web. Some of the data was tied to accounts used by minors.
A Whisper official said in a statement that much of the data was meant to be public from within the Whisper app. However, the company spokesperson said that the database the researchers found wasn't meant to be directly queried. No real names were included in the leak, but leaked data did include age, ethnicity, gender, hometown, nickname, and memberships in groups within the app. The most disturbing information in the leak was the location coordinates for the last submitted post; with some pointing to schools, workplaces, and residential neighborhoods. Whisper parent company, MediaLab, VP Lauren Jamar says that the data in the database was information that was part of a "consumer facing feature" of the app and that users could choose to share that data or not.
Data leaks and security breaches seem to be nonstop. Recently we talked about a Samsung data breach triggered by the odd "I" notifications that users received in February.