Here’s a new adage for 2018: It’s not a true security conference until someone discovers a flaw in the technology used by the conference’s event staff. A security researcher on Twitter discovered a flaw in the 2018 RSA Conference app Thursday that exposed a database of information tied to conference attendees. The database was discoverable via an unsecured API that could be accessed via credentials hard-coded into the app. Hi #RSAC2018. 😏 pic.twitter.com/9y1sDK723B — svbl (@svblxyz) April 19, 2018 If you attended #RSAC2018 and see your first name there – sorry! 😳 pic.twitter.com/YrgZo6jHDu — svbl (@svblxyz) April 20, 2018 The conference’s event staff confirmed the flaw, saying that 114 attendees had their information leaked. pic.twitter.com/QzTjOvMhSi — RSA Conference (@RSAConference) April 20, 2018 The conference worked with mobile event platform Eventbase to fix the flaw before further damage could be done. “No other personal information was accessed, and we have every indication that the […]
The post RSA conference app leaks user data appeared first on Cyberscoop.
Continue reading RSA conference app leaks user data→