By Michael Biesecker and Jack Gillum, Associated Press
WASHINGTON (AP) — The campaign of Republican presidential candidate Ted Cruz updated its mobile app after an independent review found security flaws that could have allowed hackers to access personal data from users.
The computer-security firm Veracode performed audits of the “Cruz Crew” app and those released by other 2016 presidential contenders at the request of The Associated Press.
While AP was reporting on potential vulnerabilities with the Cruz app, a high-ranking Cruz staffer responsible for the security of the campaign’s horde of personal data suffered a breach, giving a hacker access to a campaign email account. Last week, the hacker sent phishing emails to individuals with whom the official had been corresponding, including AP reporters.
The email appeared to be a message from the campaign that included a link to what appeared to be a folder on the Google Drive cloud service. Anyone who clicked the link was prompted to enter login information that gave the hacker access to the victim’s email account and any data folders on Google’s cloud.
“It’s a virus. Don’t click on it,” Chris Wilson, Cruz’s data and digital director, said when asked about the email sent to AP reporters from his account. “Wasn’t paying attention and clicked on the stupid folder. … It must have phished my sent items.”
The AP reported last month that the “Cruz Crew” app is designed to gather detailed information from users’ phones — tracking their physical movements and harvesting the…