The BBC has discovered a security flaw in the office collaboration tool Huddle that led to private documents being exposed to unauthorised parties.

A BBC journalist was inadvertently signed in to a KPMG account, with full access to private financial documents.

Huddle is an online tool that lets work colleagues share content and describes itself as "the global leader in secure content collaboration".

The company said it had fixed the flaw.
Its software is used by the Home Office, Cabinet Office, Revenue & Customs, and several branches of the NHS to share documents, diaries and messages.

"If somebody is putting themselves out there as a world-class service to look after information for you, it just shouldn't happen," said Prof Alan Woodward, from the University of Surrey.

"Huddles contain some very sensitive information."

In a statement, Huddle said the bug had affected "six individual user sessions between March and November this year".

"With 4.96 million log-ins to Huddle occurring over the same time period, the instances of this bug occurring were extremely rare," it said.

As well as a BBC employee being redirected to the KPMG account, Huddle said a third party had accessed one of the BBC's Huddle accounts.

KPMG has not yet responded to the BBC's request for comment.

Source: BBC



Listen

Your e-mail address will not be published.
Required fields are marked*

  This is an error message