Whisper app exposed data that tied millions of secrets to users' personal info, report says

A database with years of records was reportedly left open to the public web.

Carrie Mihalcik Former Managing Editor / News
Carrie was a managing editor at CNET focused on breaking and trending news. She'd been reporting and editing for more than a decade, including at the National Journal and Current TV.
Expertise Breaking News | Technology Credentials
  • Carrie has lived on both coasts and can definitively say that Chesapeake Bay blue crabs are the best.
Carrie Mihalcik

Whisper says its app lets people "share real thoughts and feelings."

Jennifer Van Grove/CNET

Whisper, a popular social app that lets people anonymously post confessions and secrets, reportedly left a database exposed that tied messages to a user's age, location and other details. Records for millions of messages were viewable to anyone on a database that was open to the public internet, according to a report Tuesday from The Washington Post

The database didn't contain real names but tied anonymous whispers to "a user's stated age, ethnicity, gender, hometown, nickname and any membership in groups, many of which are devoted to sexual confessions and discussion of sexual orientation and desires," according to the Post. The data also reportedly included location coordinates for a person's most recent whisper.

Access to the database, which was discovered by independent researchers, was removed after the app was alerted to the data exposure on Monday, according to the Post. The researchers also reportedly alerted federal law enforcement officials. 

Whisper didn't immediately respond to a request for comment. A company official told the Washington Post that much of the data was meant to be public from within the app, but the database was "not designed to be queried directly."

Read More: Equifax, MGM Resorts and beyond: Every major security breach and data hack

Watch this: What to do if your personal information is part of a data breach