- The iOS and Android app Whiplr has been caught storing user details without any form of encryption.
- It is unknown if there has been any data breach and the extent of data stolen from the app.
- Whiplr’s data protection officer revealed that the company made an error of judgment by not encrypting private data.
With millions of users accessing Whiplr, a popular fetish app on iOS, the people behind the app chose not to encrypt user credential data, allowing hackers easy access to private data. The security flaw was noticed when the app, during registration of a new account, requested information including a username, password, and email address in plain text format.
Whiplr claims to be the world’s biggest online fetish company, and users from all over the world come together on it to connect with each other over their kinks. While privacy for such an app is expected, the app’s decision to store login details in plain text format is a serious issue. If hackers have gained access to the database of credentials, the data of every single Whiplr user may have been compromised. The app should have employed some form of encryption to make that data difficult for hackers to break into.
Whiplr Data Protection Officer Ido Manor made a statement following the controversy. He stated, “Whiplr places both the security and privacy of its millions of users around the world at the highest priority. This case was an error of judgment in a specific situation when a user could not have been identified via email address. We took steps to make sure this never happens again, just as it has never happened before this incident.”
The app has already deployed encryption to protect user data, but the company did not provide any specific details about its encryption methods. Whiplr is not the first service to be accused of storing private data without proper protection; there are many notable apps that have been accused of poor security measures which have led to large-scale data breaches.