MP data leak after Tory conference app security failure

The Conservative Party's official conference phone app appears to have a major security flaw that allows people to access the private data of attendees including Cabinet ministers.

Prime Minister Theresa May pictured at the 2017 Conservative Party annual conference. Picture: Joe Giddens/PA Wire

The CPC 2018 app allowed anyone to log in as a politician, delegate or journalist attending the Birmingham event simply using their email address.

Once logged in as that person, they were able to access information including their mobile phone numbers.

Sign up to our daily newsletter

The i newsletter cut through the noise

Images posted to Twitter on Saturday afternoon showed people logging in as Boris Johnson and Michael Gove among others and apparently leaving messages on its internal messaging system.

Guardian Columnist Dawn Foster, who was one of the first to spot the flaw, wrote: “FFS, the Tory conference app allows you to log in as other people and view their contact details just with their email address, no emailed security links, and post comments as them.

“They’ve essentially made every journalist, politician and attendee’s mobile number public. Fantastic.”

The app, created by an Australian firm called Crown Comms, was updated and the login function removed after concerns were raised with the party.

Jon Trickett, shadow cabinet office minister, said: “How can we trust this Tory Government with our country’s security when they can’t even build a conference app that keeps the data of their members, MPs and others attending safe and secure?

“The Conservative Party should roll out some basic computer security training to get their house in order.”