Government data site user details leak


The government digital service is to make users of its website change their passwords, following a security breach.

It said a database of usernames and email addresses had been discovered on a publicly accessible system during a routine security review.

The site lets registered users browse information published by a variety of government departments.

The GDS has informed the information commissioner of the leak.

A GDS spokeswoman told the BBC that the breach had affected only accounts, and people with separate accounts for other government websites were not affected.

She said only email addresses, usernames and hashed passwords were implicated, rather than personal information such as names and addresses.

A hashed password is one that has been scrambled, which usually makes it much less useful to cyber-criminals.

However, as a precaution, registered users will have to change their password when they next try to log in.

The GDS said people should also change their password on other web services if they had used their password on other websites.

It said there was no evidence that any credentials had been misused.

However, registered users should exercise caution, since cyber-criminals often send opportunistic emails to victims of a data breach, trying to trick them into handing over more information.

More on this story