UK Conservative Party Conference dedicated app leaks attendee data

The app that supports the conservative party conference allowed attendee data to be accessed without a password.

The conservative party conference kicked off in Birmingham on Sunday and for the very first time is making use of a dedicated app to grant attendees easy access to conference information. However, problems were discovered when information could be easily accessed by anyone due to a flaw in the app’s security.

According to a report from the BBC, the app included a button that allowed users to enter an attendee’s email address which granted access to sensitive information without the need to enter a password. This information included e-mail addresses and phone numbers, which could also be changed.

These security flaws meant that the information for senior cabinet ministers could be accessed and changed, and indeed saw several high-profile cabinet members have their accounts vandalized.

The company behind the app, CrowdComms, released a statement this morning regarding the incident that apologised for the oversight.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
CSO WANTED
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about indeed

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by By Sean Bradley

Latest Videos

More videos

Blog Posts