Whisper, an anonymous secret-sharing mobile app has been allegedly exposing private user data through a public online database, a report published on Thursday claimed. The secret-sharing app was launched in 2012, and the majority of its users were below the age of 18. Using Whisper, posts such as video and photo messages could be shared anonymously. However, information such as age, location, and even the content of these posts was publicly available and were at the risk of being breached by potential hackers. MediaLab, the parent company of Whisper meanwhile, "strongly disputed these claims."
According to the report by Washington Post, this data was discovered by independent cyber-security researchers Matthew Porter and Dan Ehrlich who revealed that they were able to access data of nearly 900 million users through a non-password-protected database open to the public Web. The Washington Post also assessed the data, which showed the results of 1.3 million users who had listed their age as 15.
The database did not include real names, as Whisper only allows users to share "secret" content anonymously. However, the unprotected data reportedly showed information including age, location, ethnicity, residence, in-app nickname, and membership in any of the app's groups. The report also observed that in many cases, information devoted to sexual confessions and orientation were also available. This means that with some additional information, it would likely be possible to de-anonymise this information.
The report added that the researchers had alerted federal law-enforcement officials and MediaLab about the exposure. The access to the data was soon removed by the company after the contact.
Responding to the allegation, the company in a company said that "much of the data was meant to be public to users from within the Whisper app." The Vice President of content and safety at Whisper, Lauren Jamar also "strongly disputed" the findings by the researchers.
However, responding to the company's statement, Kyle Olbert, a human rights activist and researcher who reviewed the research told Washington Post that the big issue here is that Whisper has exposed its users' data en masse. "This is the most intimate data laid bare in a massive unprotected database for the entire world to see," he added.
The report further claimed that the app rated users on the potential that they were a sexual predator. Although the methodology of this is unknown, it was indicated that nearly 9,000 users had a score of 100 percent.
This is not the first time Whisper has been called for its patch security promise. The company drew heavy criticism in 2014 when another report exposed that Whisper was gathering users' location.