RSA conference app leaks user data

Here's a new adage for 2018: It's not a true security conference until someone discovers a flaw in the technology used by the conference's event staff.
RSA Conference app
The floor of the 2018 RSA Conference. (Courtesy of RSA Conference)

Here’s a new adage for 2018: It’s not a true security conference until someone discovers a flaw in the technology used by the conference’s event staff.

A security researcher on Twitter discovered a flaw in the 2018 RSA Conference app Thursday that exposed a database of information tied to conference attendees. The database was discoverable via an unsecured API that could be accessed via credentials hard-coded into the app.


The conference’s event staff confirmed the flaw, saying that 114 attendees had their information leaked.

The conference worked with mobile event platform Eventbase to fix the flaw before further damage could be done.

“No other personal information was accessed, and we have every indication that the incident has been contained. We continue to take the matter seriously and monitor the situation,” said Linda Gray Martin, the director and general manager of RSA Conference.


The leak is not the first time the conference has had security issues. The 2014 version of the app had problems including a database leak that exposed the name title, employer, and nationality of anyone that used it.

Greg Otto

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.

Latest Podcasts