Black Hat conference gets security black eye

Photo credit: Lena Bernatsky/Shutterstock.com

An email claiming to come from the conference organizers asked recipients to confirm a requested new password at a suspicious URL. The email was sent to around 7,500 registered attendees, explained Trey Ford, general manager of Black Hat, in a blog post.

Ford explained that a volunteer from ITN, which handles on-site registration and check-in, was the source of the email. The volunteer committed an “abuse of functionality”, whatever that means. Have no fear. The volunteer “has been spoken to”, the Black Hat GM added.

“Our most valued assets at Black Hat are our delegates and their privacy. We work very hard to maintain that. We want everyone to come to Black Hat to learn and enjoy their time without fear of having their personal or professional information compromised. We are happy to report there are no signs of compromise”, Ford wrote.

Behind this mea culpa is the broader issue of third-party contractor security. What if this “volunteer” was motivated by malicious intent? What controls are in place at Black Hat that would prevent a real security breach by a third party from taking place?
 

Comments from the Slack Space...
The volunteer "has been spoken to"? I don't know about you all, but I feel better already...

 
