Two databases containing user information and messages from the secret sharing app Whisper were exposed on the web without any password.
One of the database contained user’s messages and locations and other a list of user account information.
The data was secured after three days of exposure, if accessed the threat actors can use it for various fraudulent activity.
Source: https://www.comparitech.com/blog/information-security/secret-sharing-app-exposure/
TPRM report: https://scoringcyber.rankiteo.com/company/whisper-app
"id": "whi181411522",
"linkid": "whisper-app",
"type": "Breach",
"date": "02/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Social Media',
'name': 'Whisper',
'type': 'Company'}],
'attack_vector': 'Unsecured Database',
'data_breach': {'type_of_data_compromised': ['User Messages',
'User Locations',
'User Account Information']},
'description': 'Two databases containing user information and messages from '
'the secret sharing app Whisper were exposed on the web '
'without any password. One of the databases contained user’s '
'messages and locations, and the other contained a list of '
'user account information. The data was secured after three '
'days of exposure. If accessed, the threat actors could use it '
'for various fraudulent activities.',
'impact': {'data_compromised': ['User Messages',
'User Locations',
'User Account Information'],
'systems_affected': ['Databases']},
'motivation': 'Potential Fraudulent Activities',
'response': {'containment_measures': ['Securing the Databases']},
'threat_actor': 'Unknown',
'title': 'Whisper App Data Exposure',
'type': 'Data Exposure',
'vulnerability_exploited': 'Lack of Password Protection'}