Since the database included users’ age, and Whisper was a hit among teens, it would’ve been easy for bad actors to find underage users — especially since the records also contained the location coordinates of their last posts, which pointed to specific schools, neighborhoods and workplaces. WP says it found 1.3 million results when it searched for users aged 15.
In addition, the database didn’t just include details on newer users. Matthew Porter and Dan Ehrlich, cybersecurity consultants from Twelve Security, told the publication that they were able to access almost 900 million user records dating from the time the app was released in 2012.
Lauren Jamar, the VP of content and safety at Whisper’s parent company MediaLab, said the sensitive details in the database represented “a consumer facing feature of the application which users can choose to share or not share.” But the researchers explained that the real problem is that Whisper exposed its users’ data en masse, allowing randos to download it all.
The good news is that the researchers alerted law enforcement officials about the data exposure. Further, Whisper removed access to the data shortly after being notified by the researchers and The Post. This isn’t the first time the service was caught in a security-related controversy, though. Back in 2014, The Guardian reported that Whisper tracked users’ location information even if they opted out and also shared information with the US Department of Defense.