British prime minister Theresa May’s Conservative Party apologised on Saturday after releasing a phone app for the annual party conference that let members of the public log in as senior government ministers and view their personal details.
Dawn Foster, a columnist with the Guardian newspaper, discovered that a flaw in the app allowed users to log in as anyone attending the party conference, simply by entering an email address.
It meant the mobile phone numbers of all those attending the four-day event – including journalists, party members and senior government ministers – could be accessed. On Twitter, Ms Foster showed how she had been able to log into the system as former foreign secretary Boris Johnson.
“It’s let me login as Boris Johnson, and just straight up given me all the details used for his registration,” she wrote. “I’m the most tech illiterate person alive, and I’ve done this, imagine there are plenty more security bugs.”
The loophole in the app was closed after the security breach was pointed out to the party but not before the details of some politicians had been accessed and in some instances changed.
A journalist from BuzzFeed said at least two cabinet ministers had received prank calls from the public as a consequence.
“The technical issue has been resolved and the app is now functioning securely,” a Conservative spokesman said. “We are investigating the issue further and apologise for any concern caused.”
Last year, Ms May’s major speech at the conference descended into chaos after she suffered a coughing fit, a prankster gained access to the stage to hand her the form given to sacked employees, and some letters dropped to the ground from a sign with her party’s slogans on the stage behind her as she spoke.
"I think people will see a really impressive conference all round this year," Conservative Party chairman Brandon Lewis told Sky News before news of the security breach was revealed. – Reuters