Over 700 UK Government Passwords Leaked on Dark Web, Raising National Security Concerns

Hundreds of email addresses and passwords belonging to UK government officials have been found leaked on the dark web, sparking serious fears over national security and data protection.

According to a report by threat exposure management firm NordStellar, more than 700 government email credentials linked to nine departments have surfaced online in the past year. Experts warn that hackers could exploit these details to access sensitive systems, including citizen databases, power grids, or other critical infrastructure.

The Ministry of Justice was reportedly the most affected, with 195 leaked passwords, followed by the Department for Work and Pensions (122) and the Ministry of Defence (111). Other departments impacted include the Home Office, Foreign Office, Department for Transport, UK Parliament, Department of Health and Social Care, and HM Revenue & Customs.

Cybersecurity specialists say the leaks reveal “dangerous vulnerability gaps” in the UK government’s defences. NordStellar’s head of product, Vakaris Noreika, warned that even one active account could provide attackers with an initial foothold to launch larger intrusions.

Dr Gareth Mott, a cybersecurity fellow at the Royal United Services Institute, cautioned that a severe data leak could have “significant political, economic, and social consequences,” comparing the potential fallout to the 2022 Afghan resettlement data breach that exposed thousands of records.

The warning comes amid a surge in cyberattacks on UK institutions and businesses. Earlier this year, the Legal Aid Agency, HMRC, and major companies including Jaguar Land Rover, M&S, and Harrods suffered cyber incidents linked to dark web ransomware groups such as DragonForce and Hellcat.

The National Cyber Security Centre (NCSC) has attributed a record rise in serious cyberattacks to hackers backed by China and Russia, calling the threat “significant.” Meanwhile, the National Audit Office (NAO) has criticized the government for being slow to strengthen its defences, noting “low levels of cyber maturity” across multiple departments.

In response, a Department for Science, Innovation and Technology spokesperson said the government is “going further” to protect critical systems, including a new cyber resilience model and the upcoming Cyber Security and Resilience Bill, aimed at safeguarding essential services such as energy and water.

The Information Commissioner’s Office urged all government agencies to adopt stronger security practices, including multi-factor authentication and robust vulnerability management, stressing that the public “must trust organisations are doing everything they can to protect their data.”

A UK Parliament spokesperson added that Parliament “takes cybersecurity extremely seriously” and continues to work closely with the NCSC to enhance digital safety measures.

As cyber threats continue to escalate, experts say the latest leaks underline the urgent need for better password security and faster implementation of national cybersecurity reforms.