- Major flaw in the Conservative party conference app lets users login without passwords to the accounts of hundreds of Conservative MPs, journalists and other attendees.
- Users were able to login into the accounts, view private contact details, amend them and make them public.
- The loophole was closed over an hour after it was first spotted on social media.
- The Labour party: “How can we trust this Tory Government with our country’s security when they can’t even build a conference app that keeps the data of their members, MPs and others attending safe and secure?”
- The Conservative party has been contacted for comment.
LONDON — A major design flaw in the Conservative party’s conference app for mobile phones has given users access to the contact details of hundreds of government ministers, MPs and prominent journalists.
Theresa May’s Conservatives are set to gather in Birmingham, England tomorrow for its annual autumn conference, with the party’s most senior figures set to attend the four-day event.
However, it emerged on Saturday that the mobile phone app created for conference goers had a major security flaw that allowed users to look at the contact details of attendees, including those of very senior politicians, without a password.
The loophole, now rectified, allowed anyone who downloaded the app to log in to the personal profiles of politicians including former Foreign Secretary, Boris Johnson, and current serving ministers including Chancellor Philip Hammond, the Environment Secretary Michael Gove and the Home Secretary Sajid Javid.
Twitter users reported being able to change the personal details of senior politicians. The contact details of Conservative MPs, party members, and prominent journalists could also be seen. Images of the politicians were replaced with pictures of hardcore pornography with private phone numbers were made widely available.
The Labour party accused the Tories of failing to protect the safety of conference attendees.
Jon Trickett MP, Labour’s Shadow Minister for the Cabinet Office, said: “How can we trust this Tory Government with our country’s security when they can’t even build a conference app that keeps the data of their members, MPs and others attending safe and secure?
“The Conservative Party should roll out some basic computer security training to get their house in order.”
Business Insider has contacted the Conservative party for comment.
Guardian columnist Dawn Foster, was one of the first people to notice to design flaw. She tweeted: “FFS, the Tory conference app allows you to login as other people and view their contact details just with their email address, no emailed security links, and post comments as them.”
“They’ve essentially made every journalist, politician and attendee’s mobile number public. Fantastic.”
Our Brexit Insider Facebook group is the best place for up-to-date news and analysis about Britain’s departure from the EU, direct from Business Insider’s political reporters. Join here.