SDCC Halts Eisner Awards Voting Due to Weird Security Screw-Up

SDCC Halts Eisner Awards Voting Due to Weird Security Screw-Up
The Eisner Awards are still happening this year despite in-person San Diego Comic-Con being cancelled. (Image: Comic-Con International)

The ongoing novel coronavirus pandemic forced seemingly extended, however, a number of people realised something was amiss with their accounts.

At some point this week, a number of Eisner voters ” creators, comic book store owners/managers, librarians, and historians ” who’d previously cast their ballots logged back into the portal to find, in some cases, that they were somehow pushed into someone else‘s account. Others, in instances where they were able to get into their own accounts, found their ballots had been altered, presumably by someone who managed to gain access to their account at another time.

Here Are Your 2020 Eisner Awards Nominees

Like with most things this year, the 2020 Eisner Awards are a little different. Yes, it's still a celebration of the best things the comic book industry had to offer in the previous year. Yes, it's still a very diverse, exciting group of talent. However, this year, due to the...

Read more

Though people having their votes changed against their will is bad enough, the more pressing matter is that each Eisner voting account contained sensitive information of the original owner. That means that if someone else gained access to the account, they would potentially have access to addresses and phone numbers, something that could pose a huge security problem.

In a statement to Gizmodo, Comic-Con’s organisers acknowledged the problem but did not provide any explanation as to what’s causing it. “We were alerted to an anomaly with the site hosting the Eisner’s voting. We have closed voting and are investigating the situation,” the statement read. “We will make an announcement as we have additional information. We’re sorry for the inconvenience to voters.”

There are a handful of technical glitches that could have led to the compromising of the system and there’s no way currently of telling whether what’s happened was caused intentionally or is especially widespread among the accounts registered to the portal. That being said, as the comics community, in particular, has been acknowledging and reckoning with the presence of bad, predatory actors within the space, this type of screw-up is still particularly concerning given its potential to put people in danger by exposing their private information.

When we asked Gizmodo data reporter Dhruv Mehrotra what apparent steps were taken to protect the site, he was frank in his assessment of there being very few. He told us, “While I can’t be sure of exactly what happened, that the site’s developers chose not to protect Eisner voter’s data in transit with any type of encryption and the fact that they found it prudent to use Comic Sans [font], points to such sloppy web development that I’m not particularly surprised there was an issue.”

It’s important to note that whatever the back-end technical issue is, it appears to only affect some accounts and not others, so it doesn’t seem like a viable means of gaming the voting itself. The website currently states voting is closed, which is good, but San Diego Comic-Con has yet to make a public announcement alerting people to the issue, which might not be clear to anyone who hasn’t recently attempted logging into their accounts.

We’ll update this post should new details become available.