back to article Secret-sharing app Whisper shared secrets like last known location and actual password tokens in exposed database

Whisper, a mobile app for sharing those thoughts you'd rather not make public, turns out to be better at sharing secrets than keeping them, spilling a whopping 90 metadata fields associated with users in an exposed database. The app, launched in 2012, is intended as a way for people to "share real thoughts and feelings, forge …

  1. iron Silver badge

    I think the biggest surprise is that Whisper had 900 million users.

    1. GnuTzu Silver badge
      Joke

      Shhh, keep your voice down; no one's supposed to know.

    2. jake Silver badge

      "900 million user records" and "90 metadata fields" suggests 10 million users. And it's not really users, it's induhvidual logins, including those who tried it once and then never went back, and the ubiquitous trolls with multiple accounts. I'd be surprised if they have even one million active users.

    3. LucreLout Silver badge

      I think the biggest surprise is that Whisper had 900 million users.

      I'd literally never heard of it. Seems like a dumbass idea to me, but then while not a boomer, I'm knocking on a bit now.

  2. Warm Braw Silver badge

    Whisper's Chinese financial ties

    Send three & fourpence...

    1. Korev Silver badge
      Coat

      Re: Whisper's Chinese financial ties

      We're going for a dance

    2. jake Silver badge

      Re: Whisper's Chinese financial ties

      Note to my fellow Yanks: "Chinese Whispers" is the name the Brits (and non-Yank derivatives) use for the children's game we call "Telephone".

      This trans-Atlantic translation service brought to you by the letter T and the number 6. We now return you to your usual unfounded speculation and bickering

      1. Rich 11 Silver badge

        Re: Whisper's Chinese financial ties

        your usual unfounded speculation and bickering

        Merely one method of surviving the working day.

        1. jake Silver badge
          Pint

          Re: Whisper's Chinese financial ties

          Of course! I wasn't complaining. Topic drift would be nowhere near as amusing as it is without unfounded speculation and bickering, and what would be the fun in that?

          Beer. Another way of surviving the working day. I'll get this round in.

  3. HildyJ Silver badge
    Facepalm

    Yet another . . .

    Yet another private equity funded idea which was developed only to the point that it could be released, regardless of any software issues, and with subsequent development focused on new features, also regardless of any software issues. Fixing software issues doesn't bring in new users.

    1. Ralph B

      Re: Yet another . . .

      > developed only to the point that it could be released

      So, like pretty much every software project ever then?

  4. I ain't Spartacus Gold badge
    Childcatcher

    [Whisper is] a way for people to "share real thoughts and feelings, forge relationships and engage in conversations on an endless variety of topics – without identities or profiles."

    So kind of like El Reg then. Just with more Adams and Pratchett references and fewer attempts by El Reg to determine unscientically / randomly by algorithm if we're sexual predators or not.

    Did I ever mention that my town has a sex dungeon, apparently within 5 minutes' walk of the station? And that my office is opposite the station. There's no connection between these two info-bytes. But I'm happy to take any insults thrown my way. After all, "sticks and stones may break my bones - but whips and chains excite me."

    1. jake Silver badge

      "and fewer attempts by El Reg to determine unscientically / randomly by algorithm if we're sexual predators or not."

      Post proof or retract.

      1. P. Lee Silver badge

        It doesn't matter - you should always assume your internet content is monetised by the hoster.

  5. israel_hands
    Coat

    I don't trust companies like this with any of my public data, let alone telling the cunts actual secrets. What sort of moron would do that?

    Also, in the interests of this distinguished organ keeping pace with the bleeding edge techbros, could the El Reg Standards Bureau settle on its own sexual predator scale?

    Might I suggest rating it in Weinsteins?

  6. Throatwarbler Mangrove Silver badge
    Mushroom

    If you want to keep something really secret . . .

    . . . DON'T FUCKING PUT IT ON THE INTERNET!

    1. jake Silver badge

      Re: If you want to keep something really secret . . .

      I'd add to that "AND KEEP IT TO YOURSELF, YOU FUCKING MORON!".

      "When three sit down to talk revolution, two are fools and the third is a police spy."

      1. eldakka Silver badge

        Re: If you want to keep something really secret . . .

        "When three sit down to talk revolution, two are fools and the third is a police spy."

        If the DEA or FBI get involved, 2 will be police (DEA/FBI) trying to convince the third to start a revolution so that they can then arrest that 3rd person for starting a revolution.

    2. P. Lee Silver badge
      Holmes

      Re: If you want to keep something really secret . . .

      Mobile phone app snoops on users and cloud app makers accumulate vast amounts of data which is promptly "externally appropriated."

      This is news?

      Did you know you postfix has an option which causes email to fail to transfer if it can't connect with SSL?

      Big Tech - making stupid easy.

  7. Flak

    Scott Adams has done it again!

    Dilbert - incredibly timely and topical:

    https://dilbert.com/strip/2020-03-11

  8. TwistedPsycho

    I can only presume that there is a T&C somewhere exonerating Whisper from any stacking that come as a result of the breach.

  9. Mr Dogshit

    Time can never mend

    The careless whispers of a good friend

    To the heart and mind, ignorance is kind

    There's no comfort in the truth, pain is all that you'll find

    Should have known better, yeah

  10. Zippy´s Sausage Factory

    Someone basically say PostSecret and went "what if PostSecret was an app... we'd be millionaires". Probably forgetting that PostSecret had an app and closed it down.

  11. Anonymous Coward
    Anonymous Coward

    What?

    Another insecure S3 bucket? (asked a member of an as-yet undiscovered tribe deep in the Amazonian rain forest, whilst standing next to a bear taking a very large shit).

    In other news.....

    1. phuzz Silver badge

      "Another insecure S3 bucket?"

      No, an unsecured Elasticsearch database (which might have been storing it's data in a secure S3 bucket).

      So basically the same, but with a nicer front end for world+dog to access the information.

  12. Anonymous Coward
    Anonymous Coward

    Still

    Eight out of ten owners said their cats prefer it.

  13. Shady

    Without Whisper....

    .... what will the Daily Mail do for features?

    1. israel_hands

      Re: Without Whisper....

      I imagine they'll revert to claiming Brexit cures cancer.

      1. I ain't Spartacus Gold badge

        Re: Without Whisper....

        Curing cancer is rubbish! What we need to know is if Brexit increases house prices.

        And did the EU kill Diana. Oh sorry, that’s the Express. But we all know Selmayr used to drive a Fiat Uno.

        And remainers is an anagram of mein arse. Mumble, mumble, mumble extra r...

        1. jake Silver badge

          Re: Without Whisper....

          More to the point, what is brexit going to do to the price of Real Ale?

          1. I ain't Spartacus Gold badge
            Happy

            Re: Without Whisper....

            Real ale will become as close to free as makes no difference. And we will all bathe in it. Lying in our baths with a straw and a soapdish full of pork scratchings watching the rugby on our TVs - will be Brexit Bathtime!

            1. jake Silver badge

              Re: Without Whisper....

              I know all y'all drink warm beer (gawd/ess knows I've had my share over there), but Shirley at cellar temperature, not bath temperature ...

              As for watching Rugby in the bath, that's just not cricket!

  14. VibhorTyagi

    Not Even Remotely Surprised

    When Whisper launched way back in 2012, similar worries had users on edge. The difference between then and now, is that the company is now in the middle of haggling billions of private data to miscreants over the internet. There is an algorithm that Google and other search engines use to stay away from the fire, but really, it is only propagating this further. Whisper managed to engineer AI that has leaked over 600 million users' data over its course of life.

    ~Engineer.AI

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020