UK.gov leaves data dashboard users’ details on publicly accessible on a third-party system. Users are urge to reset their password.
Are you a user of the UK Government website UK.gov? Change your password now!
Users of the government’s data dashboard have been notified that their information was accidentally made public so they urge to change their passwords.
The news was reported by The Register after it has seen an email that confirmed that a file containing names, emails and hashed passwords for the data.gov.uk site was left publicly accessible on a third-party system.
According to the email, users registered on gov.uk on or before 20 June 2015 have been affected.
“A recent routine security review discovered a file containing some users’ names, emails and hashed passwords was publicly accessible on a third-party system,” reads the email from the Government Digital Service.
The Government Digital Service confirmed that it immediately adopted the necessary actions to remove data from the public domain. The GDS also reported the data breach to data protection watchdog Information Commissioner’s Office.
The UK Government suggests users reset their password for gov.uk and for any other website where they used the same login credentials.
“There is no evidence of misuse of anyone’s credentials,” states the email. “Resetting your password is purely a precautionary measure.”
The incident could have a severe impact on a large portion of Britons considering that the website Data.gov.uk was visited more than 200,000 times each month in 2017.
(Security Affairs – UK.gov, data breach)