Brief - The Hustle

Researchers say a security flaw meant your Whispers weren’t as secret as you might’ve thought

Written by Nick DeSantis | Jun 30, 2020 11:25:30 AM

The internet loves a secret.

Frank Warren got famous for giving secret-keepers worldwide a chance to spill their guts in the mail. Campus confessional sites were once an entire internet genre. An app called Whisper put the confessional on your phone.

But what if they were careless whispers?

According to The Washington Post, researchers found a Whisper database on the open web. It left confessions exposed — and tied to details like users’ ages and locations.

The trove was huuuge: It gave access to ~900m records, dating back to the app’s release in 2012. A sample: “My son was conceived at a time when I cheated on his father… I just hope he will never find out.”

When asked about the findings, Whisper’s parent company, MediaLab, disputed them — and borrowed a favorite argument of app developers everywhere.

That’s a feature, not a bug!

A MediaLab VP said the detailed posts represented “a consumer facing feature of the application which users can choose to share or not share.”

But the researchers said bulk access isn’t exactly what the confessors bargained for. Access to the data was removed after it was brought to light.