The Conservative Party has allowed personal details of Cabinet Ministers, MPs and journalists to be released to the public following a security flaw on its official conference app.
The flaw allowed anyone to access private details of almost all attendees, including Defence Secretary and South Staffordshire MP Gavin Williamson.
Details of current Foreign Secretary Jeremy Hunt were also among those to be accessed.
Mr Hunt and Mr Williamson have permanent police protection and warn publicly of the hacking threat posed by Russia.
The app being used at the annual party conference in Birmingham which starts tomorrow (September 30), required users to login with their email they registered with for a security pass. A password did not need to be entered.
This allowed anyone to login as another user – a major security issue for those with emails in the public domain.
Social media users particularly targeted MPs, journalists and Cabinet Ministers.
Users on Twitter have bragged about how they have managed to modify the information of former Foreign Secretary Boris Johnson’s account, changing his photograph, name, job.
Some also exposed his contact mobile number and parliamentary email online.
It's let me login as Boris Johnson, and just straight up given me all the details used for his registration pic.twitter.com/fLNC06azx7
— Dawn Foster (@DawnHFoster) September 29, 2018
Jon Trickett MP, Labour’s Shadow Minister for the Cabinet Office, said in a statement: “How can we trust this Tory Government with our country’s security when they can’t even build a conference app that keeps the data of their members, MPs and others attending safe and secure?
“The Conservative Party should roll out some basic computer security training to get their house in order.”
Twitter has taken down search terms related to the app after users posted the personal details of high-profile politicians.
The app has now removed multiple features, closing the flaw an hour after it was discovered.
Other Cabinet Ministers affected by the security flaw include the Home Secretary Sajid Javid and Environment Secretary Michael Gove.
The Chancellor of the Exchequer Philip Hammond was also affected during the incident.
A spokesperson for the Information Commissioner’s Office (ICO) said: “We are aware of an incident involving a Conservative Party conference app.
“We will be making inquiries with the Conservative Party.
“Organisations have a legal duty to keep personal data safe and secure.
“Under the GDPR they must notify the ICO within 72 hours of becoming aware of a personal data breach if it could pose a risk to people’s rights and freedoms.”
Conservative Party Chairman Brandon Lewis tweeted:
We’ve have had a technical issue with our Conference App that has been resolved and it is now functioning securely. We are investigating the issue further and apologise for any concern caused. #CPC18
— Brandon Lewis (@BrandonLewis) September 29, 2018
It is not known whether the other seven Conservative Staffordshire-based MPs have been specifically targeted during this incident.
Mr Williamson MP, Staffordshire Moorlands MP Karen Bradley, and the Conservative Party have been approached for comment.
(Image: Gavin Williamson MP for South Staffordshire – under creative commons licence by Chris McAndrew)