THE UK’s Companies House has suspended access to its WebFiling dashboard after being notified of a serious flaw that may have exposed countless businesses to fraud. According to Dan Neidle, founder of Tax Policy Associates, the issue was brought to his attention by John Hewitt at Ghost Mail.
The security glitch can be exploited by logging in with your own details, selecting to file for another company, and then entering a different company’s number, which could lead to authentication prompts you do not possess and end with access to another company’s dashboard.
By exploiting the flaw, around five million directors’ personal and corporate information, including email addresses and dates of birth, could be accessed and potentially used in phishing or other fraudulent activity, and even registration details of other companies could be modified. Companies House has taken the WebFiling dashboard offline while it investigates, and directors are advised to check their registration data for any changes.