Whisper App Exposes Intimate Secrets Of Nearly A Billion Users – Experts Insight

As reported by TechRadar, an investigation by The Washington Post has revealed that Whisper (a social media platform that’s core focus is to allow its users to anonymously share secrets ) left the information of nearly 900 million users exposed to anyone that wanted to view it, located in a database that wasn’t password protected and was accessible by the public. The database contained a variety of compromising user details that are tied to each ‘whisper’ (the platform’s name for a post), including sexual orientation, gender, age, ethnicity, nickname, place of work and the location data for the user’s last post.

Subscribe
Notify of
guest

2 Expert Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Robert Prigge
InfoSec Expert
March 13, 2020 11:57 am

Whisper\’s failure to protect its online database has opened this secret-sharing app\’s 900 million users up to some serious trouble. Due to the sensitive nature of the compromised customer data, Whisper\’s users are now prime candidates for blackmail and account takeover fraud, where a hacker could use this stolen information to access other accounts, posing a problem for other businesses that could fall victim as a result.

Until organizations stop relying on outdated verification methods, we can expect to see this same vicious cycle to continue. It is vital that organizations turn to biometric authentication, which is significantly more secure, reliable, and delivers a much higher level of assurance. Leveraging biometrics will protect the next generation of consumers while avoiding the same basic security pitfalls that are fueling the fraud epidemic plaguing enterprises and consumers alike.

Last edited 2 years ago by Robert Prigge
Jake Moore
Jake Moore , Cybersecurity Specialist
InfoSec Expert
March 12, 2020 1:27 pm

If companies are still leaving data online, unprotected without a password, they should face the consequences of their actions. Sensitive information should be considered their most valuable asset and requires constant monitoring for its security.

Such information as ‘nickname’ could even pose a risk with answering basic “forgotten password” security questions, should criminals want to gain access to accounts when requesting new passwords. Criminals can do a lot of damage with such information and this should not be taken lightly.

Last edited 2 years ago by Jake Moore
Information Security Buzz
2
0
Would love your thoughts, please comment.x
()
x