Researchers say a security flaw meant your Whispers weren’t as secret as you might’ve thought

A database on the open web left Whisper users’ confessions exposed. Access to the data was removed after it was brought to light.

The internet loves a secret.

Researchers say a security flaw meant your Whispers weren’t as secret as you might’ve thought

Frank Warren got famous for giving secret-keepers worldwide a chance to spill their guts in the mail. Campus confessional sites were once an entire internet genre. An app called Whisper put the confessional on your phone.

But what if they were careless whispers?

According to The Washington Post, researchers found a Whisper database on the open web. It left confessions exposed — and tied to details like users’ ages and locations.

The trove was huuuge: It gave access to ~900m records, dating back to the app’s release in 2012. A sample: “My son was conceived at a time when I cheated on his father… I just hope he will never find out.”

When asked about the findings, Whisper’s parent company, MediaLab, disputed them — and borrowed a favorite argument of app developers everywhere.

That’s a feature, not a bug!

A MediaLab VP said the detailed posts represented “a consumer facing feature of the application which users can choose to share or not share.”

But the researchers said bulk access isn’t exactly what the confessors bargained for. Access to the data was removed after it was brought to light.

Get the 5-minute news brief keeping 2.5M+ innovators in the loop. Always free. 100% fresh. No bullsh*t.