The anonymous messaging app Whisper has kept its database exposed on the Internet since the service was launched, according to a report by The Washington Post published this Tuesday (10). The information was available without a password or encryption, and was removed from the network after the American newspaper contacted the Whisper app company on Monday (9).
READ: Polmico, anonymous messaging app turns global fever
The app, which calls itself "the safest place on the Internet", popular with young people for allowing the sharing of confessions and advice. Cybersecurity experts at The Washington Post estimate that it was possible to access almost 1 billion posts from nearly 900 million users through the unprotected bank. The oldest records date back to 2012, the year that Whisper was made available in virtual stores for Android and iPhone (iOS) phones.
Whisper's "secret" records could be accessed in an unprotected database on the web Photo: Clara Fabro / TechTudo
Consumer Week 2020: Want to buy cell phones, TV and other products at a discount? Meet Compare TechTudo
The discovery of the unprotected database was made by independent researchers, who reported the leak to The Washington Post. Among the information exposed on the Internet were the location of users' posts, last login information, age, ethnicity, gender, hometown and username on Whisper.
Data on user groups (with specific themes, such as sexuality and fetishes) were also exposed on the network. The database did not display the users' real names, but information such as address, gender and age could help identify the person behind the private messages.
As the app is known among young people, the coordinates of the publications include addresses of schools, home districts and business centers. According to The Washington Post, it was possible to access data from about 1.3 million users aged 15 years old at the minimum age to use the Whisper 13 years old.
In response to The Washington Post, Whisper stated that much of this information was public to users of the application, but that "they were not designed to be consulted directly". After the newspaper and the group's researchers contacted the authorities and the company, access to the information was interrupted, and the users' data was removed.
Sarahah: how to use app on PC or computer? Find out in the TechTudo forum.
Meet Sarahah, new anonymous messaging app