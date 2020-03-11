Infosecurity Group Websites

Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more
Latest
News

Fetishes Exposed by Secret-Sharing App Whisper

A free secret-sharing app that touted itself as the "safest place on the internet" has exposed millions of intimate messages in a breach that involves several years' worth of data. 

Social media app Whisper, which offers people a place in which to post and share photo and video messages anonymously, has attracted over 30 million users since launching in 2012.

Yesterday, the Washington Post reported that the team behind the popular app had stored users' most personal of personal data online in a non-password-protected database accessible to the public.  

Whisper users' data found to be free ranging on the net included intimate confessions, fetishes, ages, ethnicities, genders, and location information. Among the viewable data were 1.3 million records involving users who had listed their age as 15. 

Geolocation information attached to many users' last submitted post pointed back to specific schools, residential neighborhoods, workplaces, and international military bases, including a secure US military missile facility.  

This massive breach of the kind of data blackmailers dream of finding was discovered by independent cybersecurity consultants Matthew Porter and Dan Ehrlich, who tipped off the Post

What Porter and Ehrlich found confirmed that no one who has ever used Whisper can be confident that their secrets are still safe. 

Porter and Ehrlich, who lead the advisory group Twelve Security, told the paper that they were able to access nearly 900 million users' records dating from the app's launch eight years ago right up to the present day.  

The pair were also able to access any user's account and view which messages they had responded to and the time of their last login. 

Ehrlich described the failure of Whisper to secure users' records as "grossly negligent."

Interestingly, the consultants learned from the breach that Whisper rates its users on the likelihood of their being sexual predators. About 9,000 users had a 100% "predator probability" score. 

Federal law enforcement officers were notified of the breach by the two consultants, who also alerted the app's operators to what was going on. Access to the data has now been removed. 

In a statement released on Tuesday, team Whisper said the database Porter and Ehrlich stumbled upon was “not designed to be queried directly.”

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

Carnival Cruise Lines Hacked

2
News

Walgreens App Error Has Customers Viewing Each Other's Personal Messages

3
News

Home Office Admits 100 GDPR Breaches in EU Scheme

4
News

CIA Accused of Mounting 11-Year Cyber-Attack Against China

5
News

Canada's Auditor General: "Our Main IT System Is Running on DOS"

6
News

Tesco Issues 600,000 New Clubcards After Brute Force Attack

1
News

First 100,000 Victims of Western Union Fraud Scheme Receive $153m

2
News

UK Budget: Investments Must Focus on Cybersecurity and Privacy, Say Experts

3
Interview

Interview: Paul Vixie, CEO, Farsight Security

4
News

Fetishes Exposed by Secret-Sharing App Whisper

5
Blog

Growing VPN Exploitation Is Cause For Concern

6
News

Paradise Ransomware Uses IQY Attachments to Stay Hidden

1
Webinar

2FA or MFA: Which Authentication is Right for Your Business?

2
Webinar

Make Your Own Security Superstars: Scale and Upskill Your Security Team

3
Webinar

Gain Control and Security of Your File Collaboration

4
Webinar

Leveraging ISO 27001 to Manage Cyber & Information Security Risks

5
Webinar

AI in Security: Keeping Up with the Trend

6
Webinar

Zero Trust: A Cybersecurity Essential and the Key to Success

1
Blog

Linux Kernel Live Patching: What It Is and Who Needs It

2
Interview

#InternationalWomensDay Interview: Stina Ehrensvärd, Yubico

3
Blog

Coronavirus and the Cybersecurity Threat Landscape

4
Opinion

#HowTo Be Sure You Choose a Safe and Secure Hosting Provider

5
Interview

#InternationalWomensDay Interview: Limor Kessem, Executive Security Advisor, IBM Security

6
Blog

Security by Sector: 148% Increase in Cyber-Attacks on The Pensions Regulator in 2019