Whisper, a mobile app offering anonymous communications, regularly exposed sensitive data of millions of users through a publicly accessible online database, The Washington Post reported.

The records, discovered by researchers at security company Twelve Security, included data about users’ age, location, ethnicity and residence.

Due to its anonymised nature, though, details of users names were not disclosed, the newspaper stated. It added the database was not password-protected and consisted of almost 900 million user records accumulated since the app was released in 2012.

The security researchers reportedly notified the app’s parent company, MediaLab, and federal authorities in the US.

MediaLab played down the revelation, arguing the information was intended to be public-facing and was provided by the users on their own. However, it told The Washington Post it had taken the database down as it was not designed to be queried directly.

The app reportedly has more than 30 million monthly active users, including people under 18 years old.

In September 2013 Whisper was said to be valued in the $75 million to $100 million range.