Boris Johnson and Michael Gove had their accounts on the CPC 2018 app hacked and several ministers, including those with top-security clearance, were said to have received nuisance calls.
The accounts of journalists, lobbyists and other delegates to the conference could also have been compromised.
Several Twitter users said they accessed the profile of Mr Johnson and some posted pornography for his profile picture and profanities for his job title.
Environment Secretary Mr Gove’s profile picture was changed to that of Rupert Murdoch, his employer when he was a journalist.
The Information Commissioner’s Office said: “We will be making inquiries.”
The app, created by Australian firm Crown Comms, was updated and the log-in function removed.
A Tory spokesman said: “The app is now functioning securely.”
Shadow Cabinet Office minister Jon Trickett said: “How can we trust this Tory government with our country’s security when they can’t even build a conference app that keeps the data of their members, MPs and others attending safe and secure?”