Hacker News new | ask | show | jobs
by Someone1234 2060 days ago
Companies House wasn't compromised, they warned third parties about potential issues with the underlying data.
2 comments
mkishi 2060 days ago
According to a thread [1] on Companies House's Developer Forum, they were.

[1]: https://forum.aws.chdev.org/t/cross-site-scripting-xss-softw...

link
mathieuh 2060 days ago
No I mean the fact that this was possible on their website, XSS is one of the simplest things to test, in fact it was one of the standard tests UI testers would do on new screens.

Not saying they were compromised.

link
ceejayoz 2060 days ago
It wasn't possible on their website.

They provide data feeds to many third parties, who might themselves be vulnerable, hence the notification.

link