UK.gov leaves data dashboard users' details on publicly accessible site

Users of the UK government’s data dashboard have been asked to change their passwords after their information was made public.

According to an email seen by The Register, a file containing the names, emails and hashed passwords for the data.gov.uk site was left on a third-party system.

“A recent routine security review discovered a file containing some users’ names, emails and hashed passwords was publicly accessible on a third-party system,” the email from the Government Digital Service stated.

The email said that the file in question contained information on all data.gov.uk users who registered on or before 20 June 2015.

The government advised users to reset their password - and that of any other accounts that also used that password - but added that there was no evidence of wrongdoing.

“There is no evidence of misuse of anyone’s credentials," the email said. "Resetting your password is purely a precautionary measure.”

GDS added that it "immediately took steps to remove this data from the public domain".

It has also reported the breach to data protection watchdog the Information Commissioner's Office.

Data.gov.uk was visited more than 200,000 times each month this year.

The Cabinet Office did not respond immediately to a request for comment. ®