Cybersecurity Conference Leaked Attendee Data via Its App, Which Also Demanded a Few Too Many Permissions

Apr 20, 2018

When a conference dedicated to cybersecurity ends up leaking attendee information via its mobile app… Okay, cybersecurity is no joke, but when you are trying to lead the game and are gathering the people you think are the most important in the industry, at least try not to expose their details.

The 2018 RSA Conference, which managed to attract quite a few controversies even before it started, has ended with another one. The conference apparently leaked personal information of its attendees through the official 2018 RSA Conference Mobile app.

A security researcher, who goes by svbl on Twitter, discovered a flaw in the 2018 RSA Conference app that exposed a database containing data on conference attendees. Thanks to an unsecured API, the database could have been accessed via credentials hard-coded into the app. The researcher also shared the steps he took to access the information.

The conference organizers have now acknowledged this breach, confirming that 114 first and last names of app users were “improperly accessed.” They worked with the mobile event platform Eventbase to fix the flaw before others could access this and more personal data.

“No other personal information was accessed, and we have every indication that the incident has been contained,” the RSAConference tweeted. “We continue to take the matter seriously and monitor the situation.”

It now appears that this wasn’t the only problem with the app, since it also demanded a few too many permissions.

While the community is praising the conference organizers for a quick fix, it is ironic, to say the least, that it all depended on a security researcher deciding to inform the organizers responsibly instead of poking further for more data.
