A malfunctioning mobile application has left the Conservative Party red-faced after users were able to easily access the phone numbers and other personal details of Cabinet ministers, as the party’s conference kicked off in Birmingham this week.
Events industry app developer CrowdComms apologized “unreservedly” for the incident, explaining in a statement that it became aware of unusual activity on the platform over the weekend.
“An error meant that a third party in possession of a conference attendee’s email address was able, without further authentication, to potentially see the data which the attendee had not wished to share — name, email address, phone number, job title and photo,” it noted.
“This error was rectified within 30 minutes. It is likely that it affected a very small proportion of attendees and we are working with the Conservative Party to ensure any potentially affected attendees are notified.”
Before the bug was fixed, a lot of Cabinet ministers reported that they had received tons of prank calls, and some had their headshots on the app changed: former foreign secretary Boris Johnson’s picture was apparently changed to a pornographic image.
Mark Noctor, VP EMEA at Arxan Technologies, argued that organizations must start treating their apps as the new endpoint.
“Apps need to be protected from compromise or attackers can effectively bypass security controls and have access to cryptographic keys, payload formats, credentials, API endpoint references and so much more,” he warned.
“As the party of the government, the Tories are meant to be passing and enforcing laws. This would appear to be a breach of GDPR law, bringing to the fore whether enough has really been done to ensure data privacy. There needs to be regulation that requires app security to be in place and not just seen as a ‘tick box activity’ as it may have been in the past.”