UK political party's conference app exposes personal details
A flaw in the official 2018 UK Conservative Party conference app granted both read and write access to the private data of senior party members, including cabinet ministers, to anyone who logged in by second-guessing the email address they used to sign into the app. Twitter users claimed that one leading politician, Boris Johnson, had his avatar briefly replaced by a pornographic image, while another, Michael Gove, had his replaced by that of media magnate Rupert Murdoch. The app was created by the Australian company CrowdComms, which updated the app and removed the login function after the flaw became public.
Writer: Mattha Busby, Jim Waterson, and Michael Savage