App flaw let anyone access UK Conservative politicians’ data
Jon Fingas reports:
The UK Conservative party is learning a hard lesson about the importance of basic security measures in mobile apps. Users have discovered that you could log into the party’s conference app using only an attendee’s email address, providing access to all kinds of sensitive data. And when many of the conference participants are politicians who registered with their email addresses at Parliament… you can guess what happened next.
Users entered the email addresses of major politicians, including Michael Gove and Boris Johnson, and promptly discovered info like mobile phone numbers. In some cases, people started messing with that data.
Read more on Engadget.