- A major flaw in the Conservative party conference app lets users log in without passwords to the accounts of hundreds of Conservative MPs, journalists and other attendees.
- Users were able to login into the accounts, view private contact details, amend them and make them public.
- The loophole was closed over an hour after it was first spotted on social media.
- The Labour party: “How can we trust this Tory Government with our country’s security when they can’t even build a conference app that keeps the data of their members, MPs and others attending safe and secure?”
- A Conservative party spokesperson apologised for the security issue.
- The Information Commissioner’s Office, which is responsible for data protection, confirms it will be getting in touch with the Conservative party to discuss the security mess-up.
LONDON – A major design flaw in the Conservative party’s conference app for mobile phones has given users access to the contact details of hundreds of government ministers, MPs and prominent journalists.
Theresa May’s Conservatives are set to gather in Birmingham, England tomorrow for its annual autumn conference, with the party’s most senior figures set to attend the four-day event.
However, it emerged on Saturday that the mobile phone app created for conference goers had a major security flaw that allowed users to look at the contact details of attendees, including those of very senior politicians, without a password.
The loophole, now rectified, allowed anyone who downloaded the app to log in to the personal profiles of politicians including former Foreign Secretary, Boris Johnson, and current serving ministers including Chancellor Philip Hammond, the Environment Secretary Michael Gove and the Home Secretary Sajid Javid.
Twitter users reported being able to change the personal details of senior politicians. The contact details of Conservative MPs, party members, and prominent journalists could also be seen. Images of the politicians were replaced with pictures of hardcore pornography with private phone numbers were made widely available.
Reports also suggest that at least two cabinet ministers received prank calls.
A Conservative party spokesperson said: “The technical issue has been resolved and the app is now functioning securely. We are investigating the issue further and apologise for any concern caused.”
The Information Commissioner’s Office, the independent body which deals with data protection, has confirmed it intends to contact the Conservative party about the security mess-up.
“We are aware of an incident involving a Conservative Party conference app and we will be making enquiries with the Conservative Party,” an ICO spokesperson said.
“Organisations have a legal duty to keep personal data safe and secure. Under the GDPR they must notify the ICO within 72 hours of becoming aware of a personal data breach, if it could pose a risk to people’s rights and freedoms.”
The Labour party accused the Tories of failing to protect the safety of conference attendees.
Jon Trickett MP, Labour’s Shadow Minister for the Cabinet Office, said: “How can we trust this Tory Government with our country’s security when they can’t even build a conference app that keeps the data of their members, MPs and others attending safe and secure?
“The Conservative Party should roll out some basic computer security training to get their house in order.”
BuzzFeed’s senior political correspondent Alex Wickham tweeted that the Conservative party’s data protection officer, Andrew Stedman, said the party’s headquarters would “contact all those affected and submit a data breach report to the Information Commissioner’s Office this weekend.”
Business Insider Emails & Alerts
Site highlights each day to your inbox.