Companies House "hack"

selwonk

Original Poster:

2,142 posts

248 months

Sorry if this has been posted elsewhere; I know there are a number of threads running on Digital ID etc.

This is astonishing:

https://taxpolicy.org.uk/2026/03/13/companies-hous...

In a nutshell, an exploit has been identified in the Companies House web site. Hack is a strong word:

1. Log into your own company dashboard.
2. Click the link to file for another company.
3. Enter the publicly available company number.
4. Proceed.
5. You are presented with an authentication code input.
6. Press the browser back button four times.
7. You are back on the company dashboard, but not your own. Instead you are in the company dashboard of the company number you entered in step 3.

Those of us opposed to Digital ID and, pretty much, any large Gov.UK IT project are repeatedly told that we are paranoid and yet they cock it up time after time after time!
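
Added illustration, not part of the original post and not Companies House code: the steps above are consistent with a session whose active company is switched before the authentication code is verified. The thread does not state the actual cause, so the class names, company numbers and codes below are constructed assumptions; the hardened variant keeps the requested company pending and re-checks authorisation on every dashboard view.

```python
import hmac

# Constructed sample data: company number -> authentication code.
AUTH_CODES = {"00000001": "A1B2C3", "00000002": "Z9Y8X7"}


class VulnerableSession:
    """Assumed flaw: the target company becomes active before the code check."""

    def __init__(self, own_company):
        self.active_company = own_company

    def file_for_another_company(self, number):
        self.active_company = number  # scope switched with no proof of authority

    def dashboard(self):
        return self.active_company  # trusts whatever the session points at


class HardenedSession:
    """Target stays pending until the code verifies; every view is re-checked."""

    def __init__(self, own_company):
        self.active_company = own_company
        self.authorised = {own_company}
        self.pending = None

    def file_for_another_company(self, number):
        self.pending = number  # held aside, active company unchanged

    def submit_auth_code(self, code):
        target, self.pending = self.pending, None
        expected = AUTH_CODES.get(target)
        if expected is None or not hmac.compare_digest(code, expected):
            return False
        self.authorised.add(target)
        self.active_company = target
        return True

    def dashboard(self):
        if self.active_company not in self.authorised:
            raise PermissionError("session not authorised for this company")
        return self.active_company


def back_out_of_code_prompt(session_cls):
    """Steps 1-7: request another company, never submit a code, go back."""
    session = session_cls("00000001")
    session.file_for_another_company("00000002")
    return session.dashboard()
```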

mattley

3,030 posts

245 months

Yesterday (18:36)
If you can perform Step 1 you're already compromised.

https://www.computerweekly.com/news/366623991/Secu...

This is how they hide this awfulness

https://committees.parliament.uk/writtenevidence/1...


Tim Cognito

974 posts

30 months

Yesterday (18:42)
That is absolutely mind-blowing from a security perspective if true.

jesusbuiltmycar

5,051 posts

277 months

Might be worth emailing The Register and tipping them off - I am sure their Cyber Security team would love to have a play and write an article about it.