UK Recruitment Agency Exposes Sensitive Data Through Unprotected Database
Last updated September 25, 2021
2018 has been an influx of data breaches, and data leaks and the latest victims of a data leak are the Members of Parliament of UK’s Conservative Party. A conference app that was designed for the party members suffered from a data leak with no authentication methods being put into place by the developers.
https://twitter.com/GossiTheDog/status/1046030529701826560
Members of Parliament using the app suffered the data leak with miscreants abusing the lack of security in the app to steal personal details or even change profile details. With only an email required to register and set up an account, it is very easy to identify the accounts of famous members of the Conservative party as their emails are readily available on websites. Many of the members used their official emails to sign up for the app, making it very easy for attackers to exploit the app and cause a data leak.
We’ve have had a technical issue with our Conference App that has been resolved and it is now functioning securely. We are investigating the issue further and apologise for any concern caused. #CPC18
— Brandon Lewis (@BrandonLewis) September 29, 2018
The UK ICO (Information Commissioner) revealed “Organizations have a legal duty to keep personal data safe and secure. Under the GDPR they must notify the ICO within 72 hours of becoming aware of a personal data breach if it could pose a risk to people's rights and freedoms.”
The developers of the app did not place any two-factor authentication or other security mechanisms in place. The exploit was discovered by Guardian columnist Dawn Foster, who reported her findings on September 29. Anyone who would want to attend a video conference would simply need to register using an email address, and they would be able to steal information from private meetings.
After Foster posted her findings on the data leak, the app was shut down temporarily. Access to the app is now available again, and a conference is scheduled to take place tomorrow amongst the members of parliament of the Conservative party. The incident in the UK comes shortly after the British Airways data breach which compromised data of nearly 380,000 UK citizens.
What do you think about the data leak suffered by the MPs of UK’s Conservative party? Let us know in the comments below. If you could share the article online, it would also be great so others can find it too. Come chat with us on Facebook and Twitter.