Tory app glitch reveals MPs’ personal data
It’s (the app) let me login as Boris Johnson, and just straight up given me all the details used for his registration
Dawn Foster, A columnist with the Guardian
BIRMINGHAM — British Prime Minister Theresa May’s Conservative Party apologised on Saturday after releasing a phone app for the annual party conference that let members of the public log in as senior government ministers and view their personal details.
Dawn Foster, a columnist with the Guardian newspaper, discovered that a flaw in the app allowed users to log in as anyone attending the party conference, simply by entering an email address.
It meant the mobile phone numbers of all those attending the four-day event — journalists, party members and lawmakers, including senior government ministers — could be accessed. On Twitter, Foster showed how she had been able to log into the system as former foreign secretary Boris Johnson.
“It’s let me login as Boris Johnson, and just straight up given me all the details used for his registration,” she wrote. “I’m the most tech illiterate person alive, and I’ve done this, imagine there are plenty more security bugs.”
The loophole in the app was closed after the security breach was pointed out to the party but not before the details of some politicians had been accessed and in some instances changed.
A journalist from the BuzzFeed website said at least two cabinet ministers had received prank calls from the public as a consequence.
“The technical issue has been resolved and the app is now functioning securely,” a Conservative spokesman said. —