Saturday 29 September 2018 4:13 pm | Updated: Tuesday 21 May 2019 4:25 pm

Conservative Party conference app flaw exposes phone numbers of MPs

NULL

Boris Johnson and Sajid Javid's mobile phone numbers were among those revealed online yesterday due to major a security flaw in the Conservative party's conference app which allowed people to log into the accounts of MPs and journalists attending the event.

Dawn Foster, a journalist, revealed an issue with the app on Twitter which lets attendees easily get into other people's accounts, letting them view sensitive personal details like mobile phone numbers and email addresses, and make those details public to other app users.

https://twitter.com/DawnHFoster/status/1046022868251873280

According to another journalist Alex Wickham, two cabinet ministers received prank calls from members of the public after their numbers were visible on the app.

At least two cabinet ministers have received prank calls on their personal mobiles from members of the public… https://t.co/GKFWJm3ZYf

— Alex Wickham (@alexwickham) September 29, 2018

It seems attendees could break into the accounts of MPs by entering their email addresses without having to use a password.

The problem has now been rectified, according to the BBC.

An email circulated to participants said "a small number of conference attendees" were "made potentially accessible to fraudulent access."

"But it's not good enough that people's data may have been made available and we are disappointed that we have been let down by a third party supplier – CrowdComms."

The email included a statement from the supplier, apologising to the party and conference participants.

Pressured by colleagues for the mistake, Conservative Party chair, and conference organiser, Brandon Lewis told Sky News: "Any breach of data is a serious matter."

"This will affect people where somebody has guessed or already knew somebody's email address so was able to log in as them," he added.

The breach has been reported to the Information Commissioner.

The breach is a major embarrassment for the Tories the day before the party conference kicks off in Birmingham.

Labour's shadow minister for the Cabinet Office Jon Trickett said:

How can we trust this Tory Government with our country's security when they can't even build a conference app that keeps the data of their members, MPs and others attending safe and secure?

The Conservative Party should roll out some basic computer security training to get their house in order.

A Conservative Party spokesperson said: "The technical issue has been resolved and the app is now functioning securely. We are investigating the issue further and apologise for any concern caused."