Sign in with
Sign up | Sign in

UK Government Reveals Personal Info During Consultation

By - Source: The Register | B 10 comments

Oops!

The UK government just yesterday announced that it was opening up a 10-week consultation on proposed solutions to protect children from harmful content online. The Department for Education invited parents and the general public to sound off on the filter options that would see ISPs block porn and other harmful content unless the customer specifically said they didn't want such filters in place. However, it seems the DfE's consult has been taken offline after just one day because it was leaking people's personal information.

 

The Register was the first to report on the leak and writes that the Department for Education's website was exposing the email addresses, unencrypted passwords and sensitive answers of members of the public who filled in the survey and provided feedback.

"No URL manipulation was required," one reader told the Register. "Once I had completed the survey I simply clicked on the link to view my responses, and I was presented with another user's responses instead. I have reported this breach to the ICO [Information Commissioner's Office]."

The Register also contacted the DfE, and the site's Kelly Fiveash reports that their call was apparently the first the office had heard about the problem. The Department for Education has since shut down the consultation page, with a message declaring it's down for maintenance. The ICO commented in a statement that it had been made aware of the possible data breach and would be making inquiries about the incident.

Follow @JaneMcEntegart on Twitter.                      

Discuss
Ask a Category Expert

Create a new thread in the News comments forum about this subject

Example: Notebook, Android, SSD hard drive

This thread is closed for comments
Top Comments
  • 10 Hide
    Anonymous , June 30, 2012 11:33 AM
    it should be illegal for any company to save unencrypted passwords anywhere
Other Comments
  • 8 Hide
    kikireeki , June 30, 2012 9:18 AM
    Upon that tragic incident I shall declare: LOL
  • 1 Hide
    Anonymous , June 30, 2012 10:21 AM
    Its ALWAYS for the kids huh?
  • Display all 10 comments.
  • 10 Hide
    Anonymous , June 30, 2012 11:33 AM
    it should be illegal for any company to save unencrypted passwords anywhere
  • 3 Hide
    lievyon , June 30, 2012 11:49 AM
    Block porn on the internet. LOL that's a good one.
  • 4 Hide
    goatsetung , June 30, 2012 12:38 PM
    Privacy and freedom should be illegal. Think of the children! And the terrorists!

    Now bend over and "Respect My Authoritah!"
  • 0 Hide
    Anonymous , June 30, 2012 1:03 PM
    "we'll implant a device that reads thoughts into your head and replace one of your eyes with a camera that shows us everything you do, but that's because your safety is important to us"... how come they seem perfectly capable of that?
  • -1 Hide
    freggo , June 30, 2012 3:20 PM
    crazypcmanit should be illegal for any company to save unencrypted passwords anywhere

    Don't be naive; there are easier ways to get passwords than hack an encrypted or even unencrypted database.
    The problem is that most people use ONE password for everything they do. That means once I have your 'yahoo' password (for example) I can access your bank, facebook and anything else.
    Add to that the shady methods of Registrars like 1&1.com and you can do some fun stuff 'underground' !

  • -1 Hide
    QEFX , June 30, 2012 10:57 PM
    freggoDon't be naive; there are easier ways to get passwords than hack an encrypted or even unencrypted database.The problem is that most people use ONE password for everything they do. That means once I have your 'yahoo' password (for example) I can access your bank, facebook and anything else.Add to that the shady methods of Registrars like 1&1.com and you can do some fun stuff 'underground' !


    Don't forget people who have stupid passwords such as "password" or "123456". Oh and short, easier to crack, passwords like "bob" or "9876". Even simple word passwords like "financial" or "dangerous". Basically the problem is human nature and laziness (you can add stupidity if you want). Until you get humans out of the security equation, you'll never be truly secure.
  • -1 Hide
    f-14 , July 1, 2012 2:16 AM
    meh. idc. not america, they don't have the same rights we have, not my problem or concern.
  • 2 Hide
    A Bad Day , July 1, 2012 6:22 PM
    freggoDon't be naive; there are easier ways to get passwords than hack an encrypted or even unencrypted database.The problem is that most people use ONE password for everything they do. That means once I have your 'yahoo' password (for example) I can access your bank, facebook and anything else.Add to that the shady methods of Registrars like 1&1.com and you can do some fun stuff 'underground' !


    I'd rather have a security problem at the user rather than at the service. What if I use a 32-word password that is nearly impossible to crack, and it gets cracked anyways because it was in a unencrypted format?

    Which online service would you want to use? The one that forces most hackers to use social engineering or other methods to get around the hashes, salting, and other fun stuff? Or the one that requires simple or no tools to break into?