Users wreak havoc on the Conservative party app due to total lack of basic security
As strong and stable as advertised
Gun to your head, what do you think is the most Conservative party way to kickstart their conference in Birmingham?
Do you think it is creating their app - the Conservative party conference app - and not even adding passwords to the accounts of the politicians attending? And inadvertently releasing the contact details of everyone at the event to the general public, things like Boris Johnson's personal phone number? Do you think that is the most Tory thing to happen before the conference has even started? Having people sat at home log into the app as Boris and change his position from MP for Uxbridge to, simply, 'DICKHEAD'? And then to change his profile picture to some hardcore pornography? Do you?
Do you think that is the most fittingly Tory thing to happen before a party conference?
Because it might be.
The beauty is that it didn't exactly require master hackers to discover the flaw, the thermal exhaust port in the Tory app Death Star.
Users could simply download the app and log in using the parliamentary email addresses of those attending, which, of course, are readily available online.
That was it. That's all they had to do, as demonstrated by the Guardian's Dawn Foster, who broke the story.
That's all they had to do before they could do things like this: changing Michael Gove's profile image and email to Rupert Murdoch.
Or things like this.
I’ve updated his position to something more accurate. pic.twitter.com/ydo9edmYc4
— Neil Claxton (@MintRoyale) September 29, 2018
After around an hour the Conservative Party tech team, presumably consisting of a similar setup to Mr. Burns' thousand writer monkeys chained to a typewriter, managed to shut down the loophole to ensure that absolutely no one could get their hands on all the private details stored within the app. Other than the several people that already did. Other than those guys.
Jon Trickett of the Labour party, in response to what Foster called a Thick of It-style omnishambles, asked: "How can we trust this Tory Government with our country's security when they can't even build a conference that keeps the data of their members, MPs and others attending safe and secure?"
One imagines the Conservatives, meanwhile, are struggling to get out a statement due to their staff attempting to use a dial-up internet service and the landline telephone at the same time.
Truly, it was the best of times, it was the blurst of times.
Around three hours after the data breach, a Conservative party spokesperson released the following statement via email:
"The technical issue has been resolved and the app is now functioning securely. We are investigating the issue further and apologise for any concern caused."