Guardian Columnist Logged Into Conservative App As Boris Johnson... And Can't Log Out

29 September 2018, 15:49 | Updated: 30 September 2018, 10:54

Dawn Foster discovered the security flaw when as she tested the app ahead of the Conservative Party Conference in Birmingham.

A major security flaw in the official Conservative Party Conference app, which allowed anyone to access and change the personal details of ministers, MPs, journalists and other attendees, has been uncovered ahead of the conference.

The app did not require a password to access accounts, making it possible to access the email addresses and mobile numbers other other attendees.

Dawn Foster, a Guardian columnist, said that after discovering the flaw, she's been stuck logged into the app as the former Foreign Secretary Boris Johnson.

She told Ian Payne that she's not been able to log out of the app, and has been receiving notifications intended for Mr Johnson.

Speaking to Andrew Castle, Conservative Party Chairman Brandon Lewis said that the issue was resolved "within half an hour" of the party being made aware of it.

Mr Lewis also confirmed that an initial report had been made to the Information Commissioners Office.

He said: "It's not good enough that anybody's data could have been made available in any way.

"We will be making further investigations before making a further report to the ICO."

Environment secretary Michael Gove's picture was reportedly changed to one of Rupert Murdoch, and his email to a fictional Sun newspaper address.It raises questions over whether the app breaches data protection policy.

The security flaw, which happened as Tory Party members arrived at conference for its first day, has now been fixed.

A Conservative Party spokesman said: "The technical issue has been resolved and the app is now functioning securely. We are investigating the issue further and apologise for any concern caused."

A spokesperson for the Information Commissioner's Office (ICO) said it would be making inquiries about the breach and added that "organisations have a legal duty to keep personal data safe and secure".

Comments

Loading...