• Donate
  • Login
Saturday, July 4, 2026
  • Login
  • Register
Canary
Cart / £0.00

No products in the basket.

MEDIA THAT DISRUPTS
  • UK
  • Global
  • Opinion
  • Skwawkbox
  • Manage Subscription
  • Support
  • Features
    • Health
    • Environment
    • Science
    • Feature
    • Sport & Gaming
    • Lifestyle
    • Tech
    • Business
    • Money
    • Travel
    • Property
    • Food
    • Media
  • SHOP
No Result
View All Result
MANAGE SUBSCRIPTION
SUPPORT
  • UK
  • Global
  • Opinion
  • Skwawkbox
  • Manage Subscription
  • Support
  • Features
    • Health
    • Environment
    • Science
    • Feature
    • Sport & Gaming
    • Lifestyle
    • Tech
    • Business
    • Money
    • Travel
    • Property
    • Food
    • Media
  • SHOP
No Result
View All Result
Canary
No Result
View All Result
  • Editorial
  • Explainer
  • Global
  • Opinion
  • Environment
  • Feature
  • Food
  • Health
  • Science
  • Skwawkbox
  • UK

Ministry of Defence password breaches came from weak security

Jamal Awar by Jamal Awar
17 October 2025
in News, UK
Reading Time: 3 mins read
196 2
A A
0
Home UK News
Share on FacebookShare on TwitterShare on BlueskyShare via WhatsAppShare via TelegramShare on Threads

New research has revealed that more than 3,000 passwords belonging to UK civil servants have been publicly exposed since the start of 2024. Institutions that were among the most affected are the Ministry of Defence (MoD), the Ministry of Justice, Department for Work and Pensions, and the UK Parliament.

NordPass, in collaboration with the cybersecurity platform NordStellar, published the findings. They show the MoD among the top three government departments with compromised credentials.

The Ministry of Defence can’t even defend itself

Researchers discovered 111 passwords linked to the Ministry of Defence in publicly available or dark-web databases. This is the same department that claims to safeguard the nation’s most sensitive military data.

This is not a hostile foreign power infiltrating Britain. It is Britain’s own bureaucracy shooting itself in the foot.

Every week, government ministers flock to the despatch box with the same script. Time and time again, these same phrases echo from ministers week after week: “security threats”, “safeguards” and “national defence”. The narrative is clear: there are dangerous outsiders who threaten the safety of the British people, and the state must remain vigilant.

But these new revelations force a different question. How can a government that can’t secure its own logins claim to secure an entire nation?

111 leaked passwords might sound minor, but in the world of defence networks, one breach is enough to compromise an entire system.

Hollow rhetoric

Karolis Arbačiauskas, head of product at NordPass, said:

Exposure of sensitive data, including passwords, of civil servants is particularly dangerous. Compromised passwords can affect not only organizations and their employees but also large numbers of citizens.

Researchers found that many of these passwords were weak, recycled or linked to multiple accounts. Some had been circulating for months. The study warns that such exposures pose a “serious risk to a country’s strategic interests”, especially when tied to official email domains.

Espionage doesn’t happen, in today’s age, by secret agents stealing briefcases from a secret safe somewhere. It happens through forgotten logins, poor credential management and lazy IT systems.

What adds insult to injury is that the NordPass study revealed that many of these breaches originated not from sophisticated hacks but from basic user error. Things like officials registering work emails on third-party sites or reusing passwords across platforms.

Despite all the rhetoric about strength and defiance, the UK’s digital defences look alarmingly hollow. The Ministry of Defence has effectively left 111 doors open online, yet it is ordinary people who face the full force of the law for exposing state failures.

The state goes after the good Samaritans who dare to expose power instead.

When Palestine Action breached a Ministry of Defence (MoD) airbase earlier this year to protest Britain’s arms exports to Israel, the government didn’t call it civil disobedience, whistleblowing, or protest. It called it terrorism. Their actions were condemned as a grave security risk, an ‘attack on the nation’.

And yet, at the very same time, the Ministry itself was caught leaking passwords into the public domain. If trespassing on an airbase makes you a terrorist, what does it make a government department that leaves its virtual front gate unlocked?

Featured image via British Army/YouTube screenshot

Tags: DemocracypalestineprotestUK
Share147Tweet92ShareSendShareShare
Previous Post

Video: Mamdani dismantles Cuomo in NYC mayoral debate

Next Post

Republican Congressman caught with swastika flag on office wall

Next Post
republican swastika

Republican Congressman caught with swastika flag on office wall

Trump

Trump says he wants to build 'Arc de Trump' - but it's much more like Hitler's Brandenburg

EHRC

'Go ask a lawyer' — EHRC takes down trans interim guidance

Gaza Soup Kitchen

Gaza Soup Kitchen provides essential services to a population that now has nothing

Palestine Action

Palestine Action win right to appeal ruling over their proscription

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Sinn Féin
Analysis

Sinn Féin confirm intention to back continuation of cruel, colonial hare coursing

by Robert Freeman
4 July 2026
Wimbledon
Skwawkbox

Wimbledon: Zeynep Sönmez’s watermelon symbol ‘below threshold’ for ban

by Skwawkbox
4 July 2026
Lebanon
Analysis

Lebanon — fury at the government sell-out of the south

by Guy Smallman
4 July 2026
Domestic abuse
Analysis

Sexual assault on sedated partners becoming an organised crime as “truly international” network exposed

by Maddison Wheeldon
4 July 2026
Ronaldo v Modric last dance. Ronaldo marches on as Modric bows out
Sports

Cristiano Ronaldo’s World Cup dream stays still alive as Luka Modric bows out

by Faz Ali
3 July 2026

The Canary
PO Box 71199
LONDON
SE20 9EX

Canary Media Ltd – registered in England. Company registration number 09788095.

For guest posting, contact [email protected]

For other enquiries, contact: [email protected]

Complaints and Corrections

About the Canary

Meet the Team

© Canary Media Ltd 2026, all rights reserved | Website by Monster | Hosted by Krystal | Privacy Settings

Ok

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
  • UK
  • Global
  • Opinion
  • Skwawkbox
  • Manage Subscription
  • Support
  • Features
    • Health
    • Environment
    • Science
    • Feature
    • Sport & Gaming
    • Lifestyle
    • Tech
    • Business
    • Money
    • Travel
    • Property
    • Food
    • Media
  • SHOP
  • Login
  • Sign Up
  • Cart