Party chairman Brandon Lewis was planning to sell the “interactive” app – which will allow attendees to give feedback on speeches as they happen – as evidence that the ruling party was embracing tech in a bid to win over the youth vote (another idea was to have the culture secretary appear as a hologram).
But soon after its launch, users took to Twitter to point out that that not only were contact details and personal information visible – they could also be edited.
Particular targets appeared to be Michael Gove, whose picture was changed to that of his former boss Rupert Murdoch, and Boris Johnson, whose name and profile picture were reportedly changed during the incident.
Crowd Comms, the company behind the app, said the error “meant that a third party in possession of a conference attendee’s email address was able, without further authentication, to potentially see data which the attendee had not wished to share – name, email address, phone number, job title and photo”.
Since email addresses are often pretty easy to guess, or – in the case of MPs or other professionals registered on the app – a case of public record, the cock-up had a wide potential impact.