The personal details of senior Conservative politicians, including their mobile phone numbers, were exposed to the world in an embarrassing security fail.
The breach allowed anybody to log into the party conference app with just their email address, and without requiring any password or security measures.
Once inside the app users were all to access MPs numbers, email addresses and even swap their profile photos for hardcore pornography.
The mischief makers were able to spark an avalanche of prank calls on unsuspecting cabinet ministers preparing for a crucial party conference amid an ideological split.
The breach allowed anybody to log into the party conference app with just their email address, and without requiring any password or security measures. Once inside the app users were all to access MPs numbers, email addresses and even swap their profile photos for hardcore pornography
The blunder comes on the eve of the conference in Birmingham, and will cause headaches for ministers including Foreign Secretary Jeremy Hunt and Defence Secretary Gavin Williamson who both had their accounts hacked.
Hackers also replaced Michael Gove’s image with that of Rupert Murdoch and were able to harvest Boris Johnson’s personal information too.
The CPC 2018 app allowed anyone to log in as a politician, delegate or journalist attending the Birmingham event simply using their email address.
Once logged in as that person, they were able to access information including their mobile phone numbers.
Images posted to Twitter on Saturday afternoon showed people logging in as Boris Johnson and Michael Gove among others and apparently leaving messages on its internal messaging system.
The blunder comes on the eve of the conference in Birmingham, and will cause headaches for ministers including Foreign Secretary Jeremy Hunt and Defence Secretary Gavin Williamson who both had their accounts hacked
Guardian Columnist Dawn Foster, who was one of the first to spot the flaw, wrote: ‘FFS, the Tory conference app allows you to log in as other people and view their contact details just with their email address, no emailed security links, and post comments as them.
‘They’ve essentially made every journalist, politician and attendee’s mobile number public. Fantastic.’
The app, created by an Australian firm called Crown Comms, was updated and the login function removed after concerns were raised with the party.
Hackers also replaced Michael Gove’s image with that of Rupert Murdoch and were able to harvest Boris Johnson’s personal information too
The massive data breach could now leave the Conservative Party open to fines and an investigation by the Information Commissioner.
The app, created by an Australian firm called Crown Comms, was updated and the login function removed after concerns were raised with the party.
Jon Trickett, shadow cabinet office minister, said: ‘How can we trust this Tory Government with our country’s security when they can’t even build a conference app that keeps the data of their members, MPs and others attending safe and secure?
‘The Conservative Party should roll out some basic computer security training to get their house in order.’