Users entered the email addresses of major politicians, including Michael Gove and Boris Johnson, and promptly discovered info like mobile phone numbers. In some cases, people started messing with that data. One person changed Johnson's photo to a porn image, while another altered Gove's portrait to that of his former boss Rupert Murdoch. It was harder to obtain info for people who weren't politicians, but they too were vulnerable if you could obtain their email addresses.
CrowdComms, the Australian company behind the app, removed the login feature through an update to curb further abuse. The Conservatives, meanwhile, said they were "investigating the issue further." While it's not certain just who decided on the password-free sign-ins, many have criticized the party for a lack of oversight that might have caught such a glaring oversight before the app went live. This was easily avoidable, and may have had lasting consequences beyond the conference.