Cybersecurity Conference App Exposed Attendee Data

Cybersecurity

In an ironic twist of events, an engineer was able to access attendee information stored in a cybersecurity conference’s mobile app. A Twitter user that goes by the handle svbl said that a vulnerability in the RSA Conference Mobile App was caused by a third-party site, Mashable reported.

“[It] was the API from http://eventbase.com that was used by the RSA conference app,” svbl told Mashable via Twitter direct message. “[The] vulnerability was on eventbase’ side.”

After discovering the vulnerability, svbl notified the RSA Conference. As a result, it quickly fixed the problem and issued a statement on Twitter addressing the incident.

“Our initial investigation shows that 114 first and last names of RSA Conference Mobile App users were improperly accessed,” the conference posted on Twitter. “No other personal information was accessed, and we have every indication that the incident has been contained.”

The news comes as technology companies are making a pledge to protect customers from cyberattacks, as well as making sure they don’t help governments advance their cyber-warfare efforts. Just two days ago, 34 tech companies signed a “watershed agreement” called the Cybersecurity Tech Accord, including RSA along with household names such as Facebook, LinkedIn and Microsoft.

“The devastating attacks from the past year demonstrate that cybersecurity is not just about what any single company can do, but also about what we can all do together,” Microsoft President Brad Smith said. “This tech sector accord will help us take a principled path towards more effective steps to work together and defend customers around the world.”

Cyberattacks are expected to cost businesses and organizations $8 trillion by 2022. Recent cyberattacks have closed down small businesses, delayed medical services at hospitals, interrupted government services and more.

“The real-world consequences of cyber threats have been repeatedly proven. As an industry, we must band together to fight cybercriminals and stop future attacks from causing even more damage,” Kevin Simzer, COO of Trend Micro, said.