A recent Whisper accidental overexposure is shedding light on the importance of online security. In 2012, the Whisper app was launched to be a completely private and anonymous chat with others. The point was that users could share their deepest, darkest secrets with other users without having to worry about anyone finding out who they were.
From the very beginning, Whisper has been plagued with privacy concerns, notably after experts discovered that “anonymous” does not mean what most users thought it did. The company and the app’s developers were tracking geographic locations and coordinates of where users posted, their devices’ unique IP addresses and more.
Now, a Whisper accidental overexposure has occurred. The newly discovered database of information that was not password protected—and therefore was visible to anyone on the internet—shows that the company was also keeping up with the content the users posted as well. Secrets, sexual orientations that had not been made public, explicit fantasies and sexual “adventures,” and other very sensitive information for about 900 million “whispers” were all stored in the database. Worse, some of the accounts belonged to users who listed their ages as young as fifteen years old. In fact, more than one million of the account entries were for that age alone.
All of the information that was harvested and collected in a single database had been shared as a “public” post on the app. However, the researchers argue that did not mean “public to anyone on the internet,” especially the posts belonging to minors or ones that were sexually explicit in nature. The database exposed in the Whisper accidental overexposure was an aggregation of all these whispers combined with usernames, genders, sexual orientations if listed and geographic locations. Although the information exposed did not include names, information such as geographic locations and coordinates, and IP addresses could be pieced together along with data from other data breaches to find the real identities of the Whisper users. As highlighted in the 2019 End-of-Year Data Breach Report, with unsecured data comes the question of whether the data was accessed by criminals, and unfortunately, the question is often answered when the user’s information is posted online for sale.
Users of this app or any other that claims to be safe, private or anonymous need to understand that in the world of technology, that is not exactly the definition you might be used to. Remember, if any app or platform is free for you to use, someone is making money off of it somehow. It might be through targeted advertising, selling your profile information or other mechanisms that allow the creators to turn a profit. It is important to find out how the app’s creators stay in business before you sign up.
If you think you may be a victim of identity crime, contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For the latest scams, sign-up for our TMI (Too Much Information) Weekly newsletter.
You might also be interested in…