RSA conference app leaks user data

The floor of the 2018 RSA Conference. (Courtesy of RSA Conference)

Share

Written by

Here’s a new adage for 2018: It’s not a true security conference until someone discovers a flaw in the technology used by the conference’s event staff.

A security researcher on Twitter discovered a flaw in the 2018 RSA Conference app Thursday that exposed a database of information tied to conference attendees. The database was discoverable via an unsecured API that could be accessed via credentials hard-coded into the app.

The conference’s event staff confirmed the flaw, saying that 114 attendees had their information leaked.

The conference worked with mobile event platform Eventbase to fix the flaw before further damage could be done.

“No other personal information was accessed, and we have every indication that the incident has been contained. We continue to take the matter seriously and monitor the situation,” said Linda Gray Martin, the director and general manager of RSA Conference.

The leak is not the first time the conference has had security issues. The 2014 version of the app had problems including a database leak that exposed the name title, employer, and nationality of anyone that used it.

-In this Story-

apps, data leak, RSA conference, SF CyberWeek
TwitterFacebookLinkedInRedditGoogle Gmail