A secret-sharing application, Whisper, left database of millions of its users vulnerable. Released in 2012, the application boasts over five million downloads on Android’s Play Store alone. It ranks 103 in the social media category on Apple Store. The application was created as an anonymous space to share secrets and confessions.
According to a report by the Washington Post, they could access the database of active as well as older users by getting real-time search results. The report claims that the database had sensitive information like age, location, gender and even the nicknames that were used on the application. A simple search of users that are aged 15 returned 1.3 million results.
Though users were not asked for real names, information like age and location could be used to blackmail the subscribers. The records were accessible via a database that was not password-protected. Cybersecurity consultants were able to access nearly 900 million user records that were being traced back to 2012.
According to the report, most of the locations tagged with the posts indicated schools, workplaces and residential colonies. In response to the report, a company official told the Post that the database was not designed to make direct queries. However, the data was meant to be public for users on the application. In the description of the application on Google Play Store, the company claims that they use Facebook Audience Network to deliver interest based ads.
According to the company, there are 30 million active users every month on the application and the app also interacts with other popular social media applications. Earlier in 2014, the app was under scrutiny after the company was caught tracking user location of even users that had opted out of the platform.