Companies House "hack"

selwonk

Original Poster:

2,143 posts

250 months

Friday 13th March
Sorry if this has been posted elsewhere; I know there are a number of threads running on Digital ID etc.

This is astonishing:

https://taxpolicy.org.uk/2026/03/13/companies-hous...

In a nutshell, an exploit has been identified in the Companies House web site. Hack is a strong word:

1. Log into your own company dashboard.
2. Click the link to file for another company.
3. Enter the publicly available company number.
4. Proceed.
5. You are presented with an authentication code input.
6. Press the browser back button four times.
7. You are back on the company dashboard, but not your own. Instead you are in the company dashboard of the company number you entered in step 3.

Those of us opposed to Digital ID and, pretty much, any large Gov.UK IT project are repeatedly told that we are paranoid and yet they cock it up time after time after time!
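
An added example, not part of the original post and not Companies House code: a minimal model of the server-side check that the steps above get around. The thread does not give the root cause; the example assumes the target company was written into the session before the authentication code was verified, and every name and value in it is hypothetical or constructed.

```python
import hmac

# Constructed sample data: company number -> authentication code.
AUTH_CODES = {"00000001": "A1B2C3", "00000002": "Z9Y8X7"}


class Session:
    """Server-side session state for one logged-in user (hypothetical model)."""

    def __init__(self, own_company):
        self.authorised = {own_company}  # companies this user has proved control of
        self.active = own_company        # company the dashboard renders
        self.pending = None              # company awaiting an authentication code


def select_company_weak(s, number):
    # Assumed flaw: the dashboard context switches as soon as a number is entered.
    s.active = number


def select_company(s, number):
    # Hardened: remember the request, leave the dashboard context untouched.
    s.pending = number


def submit_auth_code(s, code):
    # Only a correct code for the pending company promotes it to authorised/active.
    expected = AUTH_CODES.get(s.pending or "")
    ok = expected is not None and hmac.compare_digest(expected, code)
    if ok:
        s.authorised.add(s.pending)
        s.active = s.pending
    s.pending = None  # a pending request never survives a submission attempt
    return ok


def dashboard(s):
    # Authorisation is re-checked on every render, so prematurely set state
    # cannot expose a company the user has not authenticated for.
    if s.active not in s.authorised:
        raise PermissionError("not authorised for company " + s.active)
    return "dashboard for " + s.active
```

With the hardened `select_company`, abandoning the flow at the code prompt and navigating back renders the user's own company; with the weak variant, the per-render check in `dashboard` still refuses.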

mattley

3,031 posts

247 months

Saturday 14th March
If you can perform Step 1 you're already compromised.

https://www.computerweekly.com/news/366623991/Secu...

This is how they hide this awfulness

https://committees.parliament.uk/writtenevidence/1...


Tim Cognito

1,034 posts

32 months

Saturday 14th March
That is absolutely mind-blowing from a security perspective if true.

jesusbuiltmycar

5,089 posts

279 months

Sunday 15th March
Might be worth emailing The Register and tipping them off - I am sure their Cyber Security team would love to have a play and write an article about it.

davek_964

10,846 posts

200 months

Monday 16th March
mattley said:
If you can perform Step 1 you're already compromised.
I don't think so. Step 1 is logging into your own account. But following the steps, you could then access any other company account that is nothing to do with you.

GlenMH

5,423 posts

268 months

Monday 16th March
The Register have already run with it: https://www.theregister.com/2026/03/16/companies_h...

And it has only been there since October 2025 yikes

And we are being asked to trust these clowns with our digital ID??

Edited by GlenMH on Monday 16th March 13:50

jesusbuiltmycar

5,089 posts

279 months

Monday 16th March
Now on BlackBeltBarrister


selwonk

Original Poster:

2,143 posts

250 months

Monday 16th March
The exploit has been in the wild for five months and every company was vulnerable.