Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

admin
Pinned March 21, 2020

<> Embed

@  Email

Report

Uploaded by user
Whisper left users’ details exposed in an open database for years
<> Embed @  Email Report

Whisper left users’ details exposed in an open database for years

Mariella Moon, @mariella_moon

March 11, 2020
 
Whisper left users' details exposed in an open database for years | DeviceDaily.com

The once-popular app Whisper promises a place where you can share secrets anonymously. According to a Washington Post report, however, it left sensitive information that can be tied to users’ confessions exposed to the public for years. Apparently, Whisper kept a non-password-protected database that allowed anyone to freely browse its records. Those records included users’ age, ethnicity, gender, hometown, nickname and membership in groups, which were mostly about sexual confessions and sexual orientation discussions.

Since the database included users’ age, and Whisper was a hit among teens, it would’ve been easy for bad actors to find underage users — especially since the records also contained the location coordinates of their last posts, which pointed to specific schools, neighborhoods and workplaces. WP says it found 1.3 million results when it searched for users aged 15.

In addition, the database didn’t just include details on newer users. Matthew Porter and Dan Ehrlich, cybersecurity consultants from Twelve Security, told the publication that they were able to access almost 900 million user records dating from the time the app was released in 2012.

Lauren Jamar, the VP of content and safety at Whisper’s parent company MediaLab, said the sensitive details in the database represented “a consumer facing feature of the application which users can choose to share or not share.” But the researchers explained that the real problem is that Whisper exposed its users’ data en masse, allowing randos to download it all.

The good news is that the researchers alerted law enforcement officials about the data exposure. Further, Whisper removed access to the data shortly after being notified by the researchers and The Post. This isn’t the first time the service was caught in a security-related controversy, though. Back in 2014, The Guardian reported that it tracked users’ location information even if they opted out and also shared information with the US Department of Defense.

Engadget RSS Feed

(15)