‘Legacy system’ exposed Black Hat 2018 attendees’ contact information

I guess this is a story because it's Black Hat and someone who wasn't supposed to be able to access this info did. However, conference attendee information is widely sold and shared as a matter of course. You shouldn't consider it as anything approaching confidential.

Can we change this to the original post? <a href="https:&#x2F;&#x2F;ninja.style&#x2F;post&#x2F;bcard&#x2F;" rel="nofollow">https:&#x2F;&#x2F;ninja.style&#x2F;post&#x2F;bcard&#x2F;</a>

It&#x27;s amazing the number of things you can find by simply enumerating through a sequential series of integers, in what is basically a &quot;gimme data&quot; request to some public facing data endpoint.

It&#x27;s worth noting that Black Hat was spun off from Def Con to get corporations to allow employees to expense it. Often speakers at Black Hat also present at Def Con. Def Con as a matter of policy does not collect any information about its attendees [0].<p>[0] Read the fine print: <a href="https:&#x2F;&#x2F;media.defcon.org&#x2F;DEF%20CON%2026&#x2F;DEF%20CON%2026%20receipt.pdf" rel="nofollow">https:&#x2F;&#x2F;media.defcon.org&#x2F;DEF%20CON%2026&#x2F;DEF%20CON%2026%20rec...</a>

In related news, apparently 90% of the attendees were named &quot;Chuck U Farley&quot;.

Integrity is quite a thing ;)

Why would you goto black hat and use your real name &#x2F; identity ?

in other words MQLs (Marketing Qualified Leads) from BH2018 are free (if your know how to get them).

ironic