The app that supports the conservative party conference allowed attendee data to be accessed without a password.
The conservative party conference kicked off in Birmingham on Sunday and for the very first time is making use of a dedicated app to grant attendees easy access to conference information. However, problems were discovered when information could be easily accessed by anyone due to a flaw in the app’s security.
According to a report from the BBC, the app included a button that allowed users to enter an attendee’s email address which granted access to sensitive information without the need to enter a password. This information included e-mail addresses and phone numbers, which could also be changed.
These security flaws meant that the information for senior cabinet ministers could be accessed and changed, and indeed saw several high-profile cabinet members have their accounts vandalized.
The company behind the app, CrowdComms, released a statement this morning regarding the incident that apologised for the oversight.