⏰   WordFest Live - March 4, 2022 Register Now
We appreciate you being here. Get notified of our new posts:

Issues with user profiles – WordFest Live 2021

Share on facebook
Share on twitter
Share on linkedin
Share on whatsapp

share

Last Updated on 23rd January 2021 by Dan Maby

We want to open and transparent about an issue we became aware of early in the recent WordFest Live 2021 event.  Via the WordPress REST API endpoint:

/wp-json/wp/v2/users

Logged in users could view the email address and name of fellow registered attendees. 

We are highlighting this as part of our registration process provided the option for attendees not to have these details publicly available.  This data was only available to other logged in users and via the specific endpoint.  This issue impacts only those attendees that specifically opted not to have their profile visible on the public-facing Attendees page. 

No passwords or other personable identifiable information was exposed.  The team resolved the issues within minutes of being highlighted.  We understand the responsibility of handling personal data and would like to ensure all attendees that this issue was managed with the highest priority.  

As a result of this issue, we are implementing additional measures to review our development cycle practices.  As part of an internal review, we went through the ICO self-assessment for security breaches, at this time we believe this issue does not require reporting.  However, we will reassess if, during a further review, any additional evidence presents. 

“There is no requirement to notify the ICO but you should keep a note of why you came to this decision.  If new information which affects the circumstances of this breach comes to light, you should reassess the risk and determine whether it becomes reportable at that point.”

ICO self-assessment result.

If you have any questions in relation to this, please contact us via the Contact Form on this website: https://www.wordfest.live/contact/

Related Posts

Weglot Supports Big Orange Heart

We’re excited to announce that Weglot has partnered with Big Orange Heart and will feature across all that we deliver throughout 2022. Introducing Weglot Weglot …

WordFest Live – Call for Sponsors

Big Orange Heart is back with the largest regular festival of WordPress globally – WordFest Live – March 4, 2022! Another fun-filled, 24-hour, global celebration …

Registration Now Open – WordFest Live – March 4, 2022

We have an exciting post to kick off 2022! Registration for WordFest Live – March 4, 2022, is now open! Grab your ticket today https://www.wordfest.live/2022/march/register/.  …

Call for WordFest Volunteers

The Call for WordFest Volunteers is open! Volunteering at WordFest has many benefits – the greatest of which is that with giving back to the community comes the feeling of satisfaction with your participation.

Post Author

Your Comments