Technology

RSA conference app leaks user data

Here's a new adage for 2018: It's not a true security conference until someone discovers a flaw in the technology used by the conference's event staff.

By Greg Otto

April 20, 2018

The floor of the 2018 RSA Conference. (Courtesy of RSA Conference)

Here’s a new adage for 2018: It’s not a true security conference until someone discovers a flaw in the technology used by the conference’s event staff.

A security researcher on Twitter discovered a flaw in the 2018 RSA Conference app Thursday that exposed a database of information tied to conference attendees. The database was discoverable via an unsecured API that could be accessed via credentials hard-coded into the app.

https://twitter.com/svblxyz/status/987044025122336774

https://twitter.com/svblxyz/status/987134331662536705

The conference’s event staff confirmed the flaw, saying that 114 attendees had their information leaked.

pic.twitter.com/QzTjOvMhSi

— RSA Conference (@RSAConference) April 20, 2018

The conference worked with mobile event platform Eventbase to fix the flaw before further damage could be done.

“No other personal information was accessed, and we have every indication that the incident has been contained. We continue to take the matter seriously and monitor the situation,” said Linda Gray Martin, the director and general manager of RSA Conference.

Thanks to @EventbaseTech / @RSAConference for fixing the data leak so quick! That is a great response time! 👍Can confirm that the attendee data is not accessible anymore through the method I discovered.

— svbl 🇺🇦 (@svblxyz) April 20, 2018

The leak is not the first time the conference has had security issues. The 2014 version of the app had problems including a database leak that exposed the name title, employer, and nationality of anyone that used it.

RSA conference app leaks user data

More Like This

FCC, Tracfone Wireless reach $16M cyber and privacy settlement

Judge dismisses much of SEC suit against SolarWinds over cybersecurity disclosures

Boeing confirms attempted $200 million ransomware extortion attempt

Top Stories

Cyber firm KnowBe4 hired a fake IT worker from North Korea

Low-level cybercriminals are pouncing on CrowdStrike-connected outage

North Korean hacking group makes waves to gain Mandiant, FBI spotlight

More Scoops

How the Cult of the Dead Cow plans to save the internet

Hackers push anti-Iranian government messages to millions via breached app

Feds to hackers in Vegas: Help us, you’re our only hope

Inside ShmooCon 2023: The wacky, the weird and, of course, the cybers

Will #infosecTwitter survive Elon Musk?

Iranian government blames ‘foreign country’ for hack-and-leak of nuclear information

Hacktivists claiming attack on Iranian steel facilities dump tranche of ‘top secret documents’

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

Dewey Murdick on enabling principles for AI governance; a landmark breach at AT&T

Government

Technology

Threats

Geopolitics