UK Government’s “Strong Cyber Defenses” Leak 700 Passwords to the Dark Web
By Staff, Agencies
A new cybersecurity report has revealed that hundreds of passwords linked to major UK government departments have been leaked onto the dark web, exposing what experts describe as “dangerous vulnerability gaps” in Britain’s digital defenses.
According to data from NordStellar, which monitors illicit online activity, over 700 government email addresses and passwords from nine government domains appeared on dark web marketplaces in the past year. The leak reportedly included accounts tied to the Ministry of Justice, Department for Work and Pensions, and Ministry of Defense—raising fears that taxpayer data and critical national infrastructure could be at risk.
The Ministry of Justice was the most exposed department, with 195 passwords leaked, followed by the Department for Work and Pensions with 122, and the Ministry of Defense with 111. Other affected bodies included the Home Office, Foreign Office, Department for Transport, Parliament, Department of Health and Social Care and HMRC.
NordStellar’s Vakaris Noreika said it remains unclear whether the stolen credentials had been used to access sensitive systems, but warned that even a single active account could give hackers a “direct attack vector.” He added that the leaked credentials could expose police databases, citizen records or even power grid networks to cyber intrusion.
Cybersecurity expert Dr. Gareth Mott from the Royal United Services Institute likened the potential fallout to “the Afghan lists on steroids”—referring to the catastrophic 2022 Ministry of Defense breach that exposed data from the UK’s Afghan resettlement program. He cautioned that such leaks could lead to political, economic and social consequences, warning: “All it takes is for one account to still be active”.
The report also noted nine attempts to sell classified UK military and NATO-related documents on the dark web in the past year, which analysts say could “directly undermine national security.”
The revelations come amid a wave of high-profile cyberattacks across the UK. Earlier this year, the Legal Aid Agency, HMRC, and private firms such as Jaguar Land Rover, M&S, and Harrods were all hit by data breaches, some claimed by groups like DragonForce and Scattered Spider.
The National Audit Office [NAO] has already warned that the cyber threat to the UK government is “severe and advancing quickly,” criticizing slow progress on resilience efforts. “Attacks on key public services are likely to happen regularly,” NAO head Gareth Davies said, urging government agencies to “catch up with the acute cyber threat”.
In response, the Department for Science, Innovation and Technology insisted that the UK has “robust defenses,” citing a new Cyber Security and Resilience Bill to be introduced later this year. Similarly, Parliament stated it “takes cybersecurity extremely seriously,” though it declined to share details of its protective measures.
The Information Commissioner’s Office [ICO] urged the government to “go further and faster” in securing data, stressing that citizens “must trust organizations to protect their information”.
Despite the reassurances, experts warn that Britain’s cyber armor is thinning fast—and that even one old password could be enough to open the door to the kingdom.
