The ongoing novel coronavirus pandemic forced San Diego Comic-Con to go entirely digital this year. But voting for the annual Eisner Awards was meant to go rather smoothly as people could participate through an online portal put together with SDCC’s organizers. Just as the deadline for voting was seemingly extended, however, a number of people realized something was amiss with their accounts.
At some point this week, a number of Eisner voters—creators, comic book store owners/managers, librarians, and historians—who’d previously cast their ballots logged back into the portal to find, in some cases, that they were somehow pushed into someone else’s account. Others, in instances where they were able to get into their own accounts, found their ballots had been altered, presumably by someone who managed to gain access to their account at another time.
Though people having their votes changed against their will is bad enough, the more pressing matter is that each Eisner voting account contained sensitive information of the original owner. That means that if someone else gained access to the account, they would potentially have access to addresses and phone numbers, something that could pose a huge security problem.
In a statement to io9, Comic-Con’s organizers acknowledged the problem but did not provide any explanation as to what’s causing it. “We were alerted to an anomaly with the site hosting the Eisner’s voting. We have closed voting and are investigating the situation,” the statement read. “We will make an announcement as we have additional information. We’re sorry for the inconvenience to voters.”
There are a handful of technical glitches that could have led to the compromising of the system and there’s no way currently of telling whether what’s happened was caused intentionally or is especially widespread among the accounts registered to the portal. That being said, as the comics community, in particular, has been acknowledging and reckoning with the presence of bad, predatory actors within the space, this type of screw-up is still particularly concerning given its potential to put people in danger by exposing their private information.
When we asked Gizmodo data reporter Dhruv Mehrotra what apparent steps were taken to protect the site, he was frank in his assessment of there being very few. He told us, “While I can’t be sure of exactly what happened, that the site’s developers chose not to protect Eisner voter’s data in transit with any type of encryption and the fact that they found it prudent to use Comic Sans [font], points to such sloppy web development that I’m not particularly surprised there was an issue.”
It’s important to note that whatever the back-end technical issue is, it appears to only affect some accounts and not others, so it doesn’t seem like a viable means of gaming the voting itself. The website currently states voting is closed, which is good, but San Diego Comic-Con has yet to make a public announcement alerting people to the issue, which might not be clear to anyone who hasn’t recently attempted logging into their accounts.
We’ll update this post should new details become available.
For more, make sure you’re following us on our Instagram @io9dotcom.