A security flaw revealed conversations and private complaints from Silicon Valley employees

Blind is an app-basedsocial networking platform used for anonymous conversation. It is trusted by thousands of employees to reveal malfeasance, improper conduct, or any wrongdoings in their companies. But what came as a shock for those employees was a recent security lapse that revealed their private and anonymous conversations. One of Blind’s database servers was exposed without a password, which made it possible for anyone to identify possible whistleblowers if they knew where to access users’ account information.

Blind, a company founded by South Korea made its entry in the Silicon Valley in 2015. It soon became popular among employees from major tech giants including Apple, Google, Facebook, Uber, Twitter, and many more. The security glitch was found by Mossab H, a security researcher who informed the company about the lapse. He found one of the company’sKibanadashboard which contained private messaging data and web-based content. Blind assured that the exposure is only related to one server and it affects only those users who signed up or logged in between November 1 to December 19.

Employees who signed up in the past month didn’t realize that email address would not be encrypted in the exposed database. They are not employees of some ordinary firms; most of them belong to elite companies and they often use the platform to discuss issues like sexual harassment in the workplace. Hence, one can imagine how a security lapse like this can put such companies’ prestige at stake.