Companies House WebFiling Dashboard Vulnerability Exploited for Fraud

First reported

16.03.2026 12:30

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

The UK’s Companies House suspended its WebFiling dashboard after a security flaw allowed unauthorized access to corporate and personal details of directors. The vulnerability enabled attackers to view and potentially modify registration details of around five million companies, exposing them to phishing and fraud. The flaw was discovered by Dan Neidle and John Hewitt, who demonstrated how easy it was to exploit. Companies House has taken the dashboard offline for investigation, but the extent of the impact and whether modifications were made remains unclear. Directors are advised to check their registration data for unauthorized changes.

Timeline

16.03.2026 12:30 1 articles · 1h ago

Companies House WebFiling Dashboard Vulnerability Exploited for Fraud
The UK’s Companies House suspended its WebFiling dashboard after a security flaw allowed unauthorized access to corporate and personal details of directors. The vulnerability enabled attackers to view and potentially modify registration details of around five million companies, exposing them to phishing and fraud. The flaw was discovered by Dan Neidle and John Hewitt, who demonstrated how easy it was to exploit. Companies House has taken the dashboard offline for investigation, but the extent of the impact and whether modifications were made remains unclear. Directors are advised to check their registration data for unauthorized changes.
Show sources

UK: Companies House Web Glitch Exposes Corporate Details to Fraudsters — www.infosecurity-magazine.com — 16.03.2026 12:30
Open in new tab

Information Snippets

The vulnerability in the WebFiling dashboard allowed attackers to access the dashboards of other companies by exploiting a simple navigation flaw.
First reported: 16.03.2026 12:30

1 source, 1 article
Show sources
- UK: Companies House Web Glitch Exposes Corporate Details to Fraudsters — www.infosecurity-magazine.com — 16.03.2026 12:30
Attackers could view personal and corporate information of around five million directors, including email addresses and dates of birth.
First reported: 16.03.2026 12:30

1 source, 1 article
Show sources
- UK: Companies House Web Glitch Exposes Corporate Details to Fraudsters — www.infosecurity-magazine.com — 16.03.2026 12:30
The flaw also allowed attackers to modify registration details of other companies, potentially enabling fraudulent activities such as opening new bank accounts.
First reported: 16.03.2026 12:30

1 source, 1 article
Show sources
- UK: Companies House Web Glitch Exposes Corporate Details to Fraudsters — www.infosecurity-magazine.com — 16.03.2026 12:30
Companies House has suspended the WebFiling dashboard while it investigates the vulnerability.
First reported: 16.03.2026 12:30

1 source, 1 article
Show sources
- UK: Companies House Web Glitch Exposes Corporate Details to Fraudsters — www.infosecurity-magazine.com — 16.03.2026 12:30
The agency is investigating whether modifications were made, how long the website was vulnerable, and if any organizations were impacted.
First reported: 16.03.2026 12:30

1 source, 1 article
Show sources
- UK: Companies House Web Glitch Exposes Corporate Details to Fraudsters — www.infosecurity-magazine.com — 16.03.2026 12:30