Researchers say a security flaw meant your Whispers weren’t as secret as you might’ve thought

A database on the open web left Whisper users’ confessions exposed. Access to the data was removed after it was brought to light.

The internet loves a secret.

Frank Warren got famous for giving secret-keepers worldwide a chance to spill their guts in the mail. Campus confessional sites were once an entire internet genre. An app called Whisper put the confessional on your phone.

But what if they were careless whispers?

According to The Washington Post, researchers found a Whisper database on the open web. It left confessions exposed — and tied to details like users’ ages and locations.

The trove was huuuge: It gave access to ~900m records, dating back to the app’s release in 2012. A sample: “My son was conceived at a time when I cheated on his father… I just hope he will never find out.”

When asked about the findings, Whisper’s parent company, MediaLab, disputed them — and borrowed a favorite argument of app developers everywhere.

That’s a feature, not a bug!

A MediaLab VP said the detailed posts represented “a consumer facing feature of the application which users can choose to share or not share.”

But the researchers said bulk access isn’t exactly what the confessors bargained for. Access to the data was removed after it was brought to light.

Get the 5-minute roundup you’ll actually read in your inbox​

Business and tech news in 5 minutes or less​



How'd Bezos build a billion dollar empire?

In 1994, Jeff Bezos discovered a shocking stat: Internet usage grew 2,300% per year.

Data shows where markets are headed.

And that’s why we built Trends — to show you up-and-coming market opportunities about to explode. Interested?