A critical vulnerability in the UK's Companies House website allowed unauthorized access to the private dashboards of any registered company, exposing directors' personal addresses and enabling potential company hijacking. The flaw, discovered by a corporate services provider, was exploited simply by navigating back after attempting to file for another company, bypassing authentication. Companies House has temporarily shut down its systems in response.
Background
Companies House is the UK's official register of companies, holding sensitive information for millions of businesses. Security flaws in such government systems can lead to identity theft, fraud, and corporate espionage.
- Source
- Lobsters
- Published
- Mar 15, 2026 at 02:09 AM
- Score
- 8.0 / 10