British Prime Minister Theresa May’s Conservative Party apologized on Saturday after releasing a phone app for the annual party conference that let members of the public log in as senior government ministers and view their personal details.
Dawn Foster, a columnist with the Guardian newspaper, discovered that a flaw in the app allowed users to log in as anyone attending the party conference, simply by entering an email address.
It meant the mobile phone numbers of all those attending the four-day event – journalists, party members and lawmakers, including senior government ministers – could be accessed. On Twitter, Foster showed how she had been able to log into the system as former foreign secretary Boris Johnson.
“It’s let me login as Boris Johnson, and just straight up given me all the details used for his registration,” she wrote. “I’m the most tech illiterate person alive, and I’ve done this, imagine there are plenty more security bugs.”
The loophole in the app was closed after the security breach was pointed out to the party but not before the details of some politicians had been accessed and in some instances changed.
A journalist from the BuzzFeed website said at least two cabinet ministers had received prank calls from the public as a consequence.
“The technical issue has been resolved and the app is now functioning securely,” a Conservative spokesman said. “We are investigating the issue further and apologize for any concern caused.”
Last year, May’s major conference speech descended into chaos after she suffered a coughing fit, a prankster gained access to the stage to hand her the form given to sacked employees, and some letters of her party’s slogans dropped to the ground from a sign on the stage behind her as she spoke.
“I think people will see a really impressive conference all round this year,” Conservative Party Chairman Brandon Lewis told Sky News before news of the security breach was revealed.