Latest in Gear

Image credit: Ian Forsyth/Getty Images

App flaw let anyone access UK Conservative politicians' data

You could mess with sensitive details using just an email address.
277 Shares
Share
Tweet
Share

Sponsored Links

Ian Forsyth/Getty Images

The UK Conservative party is learning a hard lesson about the importance of basic security measures in mobile apps. Users have discovered that you could log into the party's conference app using only an attendee's email address, providing access to all kinds of sensitive data. And when many of the conference participants are politicians who registered with their email addresses at Parliament... you can guess what happened next.

Users entered the email addresses of major politicians, including Michael Gove and Boris Johnson, and promptly discovered info like mobile phone numbers. In some cases, people started messing with that data. One person changed Johnson's photo to a porn image, while another altered Gove's portrait to that of his former boss Rupert Murdoch. It was harder to obtain info for people who weren't politicians, but they too were vulnerable if you could obtain their email addresses.

CrowdComms, the Australian company behind the app, removed the login feature through an update to curb further abuse. The Conservatives, meanwhile, said they were "investigating the issue further." While it's not certain just who decided on the password-free sign-ins, many have criticized the party for a lack of oversight that might have caught such a glaring oversight before the app went live. This was easily avoidable, and may have had lasting consequences beyond the conference.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
277 Shares
Share
Tweet
Share

Popular on Engadget

Ninja's Twitter account was hijacked

Ninja's Twitter account was hijacked

View
AI discovers antibiotic that kills even highly resistant bacteria

AI discovers antibiotic that kills even highly resistant bacteria

View
Netflix's first 'Transformers' teaser reveals a hopeless war

Netflix's first 'Transformers' teaser reveals a hopeless war

View
Alphabet's Loon, telecoms unite to boost high-altitude internet

Alphabet's Loon, telecoms unite to boost high-altitude internet

View
Ford hopes you'll trade some privacy for discounted car insurance

Ford hopes you'll trade some privacy for discounted car insurance

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr