Researchers say a security flaw meant your Whispers weren’t as secret as you might’ve thought

A database on the open web left Whisper users’ confessions exposed. Access to the data was removed after it was brought to light.


March 10, 2020

The internet loves a secret.

Frank Warren got famous for giving secret-keepers worldwide a chance to spill their guts in the mail. Campus confessional sites were once an entire internet genre. An app called Whisper put the confessional on your phone.

But what if they were careless whispers?

According to The Washington Post, researchers found a Whisper database on the open web. It left confessions exposed — and tied to details like users’ ages and locations.

The trove was huuuge: It gave access to ~900m records, dating back to the app’s release in 2012. A sample: “My son was conceived at a time when I cheated on his father… I just hope he will never find out.”

When asked about the findings, Whisper’s parent company, MediaLab, disputed them — and borrowed a favorite argument of app developers everywhere.

That’s a feature, not a bug!

A MediaLab VP said the detailed posts represented “a consumer facing feature of the application which users can choose to share or not share.”

But the researchers said bulk access isn’t exactly what the confessors bargained for. Access to the data was removed after it was brought to light.

Daily briefings, straight to your inbox

Business and tech news in 5 minutes or less

Join over 1 million people who read The Hustle

Psst

How'd Bezos build a billion dollar empire?

In 1994, Jeff Bezos discovered a shocking stat: Internet usage grew 2,300% per year.

Data shows where markets are headed.

And that’s why we built Trends — to show you up-and-coming market opportunities about to explode. Interested?

Join us, it's free.

Look, you came to this site because you saw something cool. But here’s the deal. This site is actually a daily email that covers the important news in business, tech, and culture.

So, if you like what you’re reading, give the email a try.