UK Conservative Party conference app leaks attendee data
The conservative party conference kicked off in Birmingham on Sunday and for the very first time is making use of a dedicated app to grant attendees easy access to conference information. However, problems were discovered when information could be easily accessed by anyone due to a flaw in the app’s security.
According to a report from the BBC, the app included a button that allowed users to enter an attendee’s email address which granted access to sensitive information without the need to enter a password. This information included e-mail addresses and phone numbers, which could also be changed.
These security flaws meant that the information for senior cabinet ministers could be accessed and changed, and indeed saw several high-profile cabinet members have their accounts vandalised.
The company behind the app, CrowdComms, released a statement regarding the incident that apologised for the oversight.
IDG News Service