A “legacy system” was to blame for exposing the contact information of attendees of this year’s Black Hat security conference.
Colorado-based pen tester and security researcher who goes by the handle NinjaStyle said it would have taken about six hours to collect all the registered attendees’ names, email and home addresses, company names, and phone numbers from anyone who registered for the 2018 conference.
In a blog post, he explained that he used a reader to access the data on his NFC-enabled conference badge, which stored his name in plaintext and other scrambled data. The badge also contained a web address to download BCard, a business card reader app.
