SDCC Halts Eisner Awards Voting Due to Weird Security Screw-Up

[InfoSec News <alerts () infosecnews org>]

https://io9.gizmodo.com/sdcc-halts-eisner-awards-voting-due-to-weird-security-s-1844081497

By Charles Pulliam-Moore
io9.gizmodo.com
June 18, 2020

The ongoing novel coronavirus pandemic forced San Diego Comic-Con to go 
entirely digital this year. But voting for the annual Eisner Awards was 
meant to go rather smoothly as people could participate through an online 
portal put together with SDCC’s organizers. Just as the deadline for 
voting was seemingly extended, however, a number of people realized 
something was amiss with their accounts.

At some point this week, a number of Eisner voters—creators, comic book 
store owners/managers, librarians, and historians—who’d previously cast 
their ballots logged back into the portal to find, in some cases, that 
they were somehow pushed into someone else’s account. Others, in instances 
where they were able to get into their own accounts, found their ballots 
had been altered, presumably by someone who managed to gain access to 
their account at another time.

Though people having their votes changed against their will is bad enough, 
the more pressing matter is that each Eisner voting account contained 
sensitive information of the original owner. That means that if someone 
else gained access to the account, they would potentially have access to 
addresses and phone numbers, something that could pose a huge security 
problem.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_