Companies House quickly closed its filing service after glitch allowed users to edit OTHER companies' details

Companies House was forced to temporarily close its online filing service after a glitch allowed users to edit the confidential data of other businesses.

More than five million companies were left vulnerable to potential fraud due to the bug, which left criminals free to change the name, address, email address and full date of birth of company directors.

The glitch also meant that anyone discovering the flaw could have deleted or uploaded fraudulent company accounts for any company registered on the site.

Some of the largest organisations in the UK appear on the official corporate register, including BP, Shell, HSBC, Unilever and Tesco.

Users simply needed to log in to the site and then enter any other company's number. At that point they would be asked for a code, but this could be bypassed by simply pressing the 'back' button on the web browser several times.

After doing that, users found themselves viewing not their own dashboard but that of the company they had tried to access.
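
The sketch below is an added illustration, not code from Companies House or from this report. It models the flow described above and contrasts a dashboard that trusts the last company number entered with one that re-checks, on every request, that the session has proven the code for that company. The root cause is an assumption (the report does not state it), and all names and sample values are constructed.

```python
"""Toy model of a company-filing session. All names and values are constructed."""
import hmac

# Constructed sample data: company number -> authentication code.
AUTH_CODES = {"00000001": "A1B2C3", "00000002": "Z9Y8X7"}


class Session:
    def __init__(self, user):
        self.user = user
        self.selected = None      # company the user last asked to open
        self.verified = set()     # companies whose code this session has proven

    def select_company(self, number):
        # Selecting a company is only a request; it grants nothing by itself.
        self.selected = number

    def submit_code(self, number, code):
        expected = AUTH_CODES.get(number)
        ok = expected is not None and hmac.compare_digest(expected, code)
        if ok:
            self.verified.add(number)
        return ok


def dashboard_vulnerable(session):
    # Assumed flaw: trusts whatever company was selected, so any page reached
    # without passing the code prompt (e.g. via browser history) shows it.
    return f"dashboard for {session.selected}"


def dashboard_hardened(session):
    # Authorisation is re-checked on every request, server side, against
    # what this session has actually proven, not against navigation state.
    if session.selected not in session.verified:
        raise PermissionError("authentication code not verified for company")
    return f"dashboard for {session.selected}"


def demo():
    s = Session("alice")
    s.select_company("00000001")
    s.submit_code("00000001", "A1B2C3")   # alice's own company
    s.select_company("00000002")          # another company, code never entered
    leaked = dashboard_vulnerable(s)
    try:
        dashboard_hardened(s)
        blocked = False
    except PermissionError:
        blocked = True
    return leaked, blocked
```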

Even without malicious intent, using a computer to look at data without permission could land someone in prison for up to two years – or five years if the access is gained to commit further offences, such as fraud – under the UK Computer Misuse Act 1990. 

Dan Neidle, founder of non-profit Tax Policy Associates, flagged the issue to Companies House after being tipped off by John Hewitt at corporate services provider Ghost Mail.

He said in a post about the incident: ‘There are obvious security and GDPR implications of revealing directors’ home and email addresses for millions of companies. 

‘All the more so if nobody knows which companies were impacted by the vulnerability.’ 

Companies House told the Financial Times: ‘We are aware of an issue with our WebFiling service and have closed it while we investigate.

‘We apologise for any inconvenience to our customers.’ 

The Daily Mail has contacted Companies House for comment.