nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

UK.gov leaves data dashboard users' details on publicly accessible site

You should probably reset your password, says GDS

By Rebecca Hill, 29 Jun 2017

Users of the UK government’s data dashboard have been asked to change their passwords after their information was made public.

According to an email seen by The Register, a file containing the names, emails and hashed passwords for the data.gov.uk site was left on a third-party system.

“A recent routine security review discovered a file containing some users’ names, emails and hashed passwords was publicly accessible on a third-party system,” the email from the Government Digital Service stated.

The email said that the file in question contained information on all data.gov.uk users who registered on or before 20 June 2015.

The government advised users to reset their password - and that of any other accounts that also used that password - but added that there was no evidence of wrongdoing.

“There is no evidence of misuse of anyone’s credentials," the email said. "Resetting your password is purely a precautionary measure.”

GDS added that it "immediately took steps to remove this data from the public domain".

It has also reported the breach to data protection watchdog the Information Commissioner's Office.

Data.gov.uk was visited more than 200,000 times each month this year.

The Cabinet Office did not respond immediately to a request for comment. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing