Whisper app data leak exposes 900 million secret confessions: What to do (2024)

Back around 2014, there was a smartphone app called Whisper that let you confess your deepest, darkest secrets to a world of total strangers -- no real names allowed, of course. It was delightfully trashy and addictive.

Whisper is still around, although judging by the comments on its Google Play listing page, it's been "totally overrun by literal prostitutes soliciting, thirsty males, and fake spam accounts."

Whisper is back in the news because an unprotected database containing 900 million Whisper posts, and all the metadata related to those posts, was recently found online.

No real names were involved, but according to The Washington Post, which broke the story yesterday (March 10), the data included "a user's stated age, ethnicity, gender, hometown, nickname and any membership in groups."

Many of those groups, the Post noted, are or were "devoted to sexual confessions and discussion of sexual orientation and desires".

What you can do

If you've got Whisper installed on your iPhone or Android phone, it might be best to just delete it. The app collects "precise location (GPS and network-based)", according to the device permissions listed on its Google Play Store page, which tells Whisper (and any mobile ad networks it runs) exactly where you are.

You can still lurk on Whisper by going to the unintentionally hilarious Whisper website. It's sort of a full-page equivalent of all those trashy ads you see pop up at the bottom of news websites, with topics like "Ladies Confess: I Am Dating A Trust Fund Baby" and "18 People Who Shockingly Lied Under Oath".

Whisper is owned by Medialab, a holding company that also owns the teen-chat app Kik and the hip-hop-oriented website and social app DatPiff. We've reached out to Medialab for comment and will update this story when we receive a reply.

'Spies' for the Chinese?

The unprotected database was found by Dan Ehrlich and Matthew Porter, researchers from security firm Twelve Security. The exposed Whisper data goes back to 2012, the year Whisper was started.

In two blog postings today (March 11), Ehrlich accused Whisper staffers of being "spies for the Chinese Ministry of State Security" and implied that a lot of the data Whisper collected is being used to blackmail members of the U.S. military.

We have no way to assess the validity of those accusations, but Ehrlich pointed out that The Guardian in 2014 showed that Whisper could tell from GPS coordinates which posts came from military bases, the Pentagon and even the White House.

Precise location collection is not what you want to see in an app devoted to eliciting secret confessions from its users. Ehrlich pointed out that plenty of posts could be traced back to specific schools and offices.

But it's not all that bad

Now for the silver linings. Most of the metadata in the exposed database is and was publicly displayed on the Whisper app. That's kind of the point of the app. The database simply collates it all into an easy-to-search format.

"A search of users who had listed their age as 15 returned 1.3 million results," grimly notes The Post, but that isn't surprising as the app was especially popular among teens during its heyday.

So let's be clear: No real names, no dates of birth. The "nicknames" were the usernames the users created to be able to post, or were assigned randomly by the Whisper app. Likewise, most of the background images on the posts came from Whisper's own image library.

The only real risk of a Whisper post being traced back to you has to do with the precise location data, which might reveal which high school you attended in 2014.

The other upside, if it can be called that, is that there's no evidence that the database was discovered or exploited by anyone before Porter and Ehrlich found it. The database was taken down Monday (March 9) after The Washington Post contacted Whisper, although Ehrlich and Porter said they had also done so earlier.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.


    FAQs

    What data does Whisper collect?

    Additionally, we may collect potentially identifying information such as Internet Protocol (IP) addresses or publicly posted comments on blog posts. We also collect personal information voluntarily provided by users through website forms. The information you choose to provide is entirely up to you.

    What is the secret sharing app Whisper?

    Concept. CBS New York describes Whisper as "the place to go these days to vent, come clean, or peer into other people's secrets", and that the goal is that of "turning confessions into content". The app purports to promote online anonymity, and the developer claims this will prevent and combat cyberbullying.

    Is the Whispers app safe?

    Parents have a right to be skeptical about Whisper, and you should proceed with caution if your child is using this anonymous app. Some of the safety concerns with this app include: Users can join Groups relevant to their hometown or school which may indirectly disclose their location/identity.

    How anonymous is Whisper?

    Users can sign up to Whisper using a nickname and PIN number and then post any content they want, never having to reveal their identity. Unlike other social media apps, users do not have a profile on Whisper, so they do not have friends, followers, email addresses, photos or things that establish who they are.

    Can I be tracked on Whisper?

    Design, data and risks

    Whilst the Whisper app is advertised to be completely anonymous, in reality people can and have been traced on the app when they have broken the law. It is also important to be aware that despite promising anonymity, Whisper does take and use data from users, including location data.

    How do I delete Whisper data?

    You can delete all of the data Link Whisper has created on your site by activating the “Delete all Link Whisper data” option in the Link Whisper settings, and deleting the plugin. All Link Whisper created data will be removed except for any links that have been added.

    Who owns the Whisper app?

    Whisper is owned by the Santa Monica, Calif.-based holding company MediaLab, which also owns the messaging app Kik, mix tape service DatPiff and online-exam app CoCo E-Learning.

    How secure is Whisper?

    Whisper spells all this out pretty clearly in its privacy policy: “Regardless of efforts, no data transmission over the Internet or other network, including any of WhisperText's services can be guaranteed to be 100% secure.”

    Can police track Whisper?

    Don't Believe You Are Fully Anonymous

    Whisper does also comply with police investigations—even secrets worded as a joke that hint at illegal activities can be traced back to you and have real-world consequences.

    What are the concerns of whisper app?

    Top Safety Concerns of Whisper

    People can share everything with global users through Whispers, and everyone is anonymous. For this reason, some malicious people may post obscene content or other content that is not suitable for underage users.

    What is replacing Whisper app?

    The best alternatives to Whisper 4.0 (iOS) are Hey From The Future, tbh app, and 🐤 Polly.

    What do people use Whisper for?

    Whisper is an app for people to anonymously post their secrets. It's a great way to get something off your chest, read other people's secrets, and even meet people online.

    Who is the whisper app child predator?

    ROANOKE, Va. – Matthew Benjamin Foltz, 29, of Cleveland, Ohio, used the messaging application “Whisper” to engage in sexually explicit conversations with someone he believed to be a 13-year-old girl from Virginia.

    What is the point of Whisper?

    Whisper is an anonymous social networking app. Users post confessions, either fact or fiction, by superimposing text on a picture. Whisper's unique selling point is that it is completely anonymous, with users issued a random nickname upon joining.

    How safe is Whisper AI?

    OpenAI's Whisper was found to generate harmful text due to hallucinations. Cornell University researchers have identified concerning behavior in OpenAI's speech-to-text transcriber Whisper, revealing its potential to hallucinate violent language.

    Can people see your location on Whisper?

    A lot of people use Whisper to express their anger and gossip anonymously. Thereafter, the app can either be allowed or denied access to your location. The best way to keep your identity and location private is by turning off location services.
