Doctor Who scripts leak online – fans rush to download after BBC mess-up

Scripts for five episodes of the upcoming series of BBC’s “Doctor Who” TV show have leaked online, weeks before they are due to air, sending feverish fans into a frenzy.

If you’re not aware, “Doctor Who” is a very popular TV programme in the UK and it’s getting rather popular in the United States and other countries too… and its fans are, well, fanatical.

So, probably the very last thing you should do is leave five of the scripts lying around on a public web server that can be indexed by search engines.

Doctor Who leak

Sign up to our free newsletter.
Security news, advice, and tips.

And yet, that’s exactly what someone did.

It appears that the scripts became accessible to anyone with a web browser after being sent to the BBC’s new Latin American headquarters for translation. Ironically, the programme is translated in advance of its English language transmission in order to make it possible to transmit the show in as many countries as possible on the same day… to try to avoid piracy and fans downloading the latest episode from torrent sites.

Although the scripts have now been removed from the BBC Miami web server, the cat is out of the bag – and you don’t have to be a master of the Celestial Toymaker’s trilogic game to find them elsewhere online…

Doctor Who script

The scripts, which include season eight opener “Deep Breath” which will see the official debut story of Peter Capaldi as The Doctor, should – of course – have been under tight lock-and-key, especially following earlier security breaches involving the show.

These have included:

  • the much hyped 2005 comeback episode, starring Christopher Eccleston and Billie Piper, leaking onto torrent sites before its official transmission, after a staffer at a Canadian TV station got a little too free and liberal.
  • a rehearsal script for a “Doctor Who” episode by Neil Gaiman being left in the back of a taxi.
  • American fans being sent a Blu-Ray boxset of last year’s series – *before* its jaw-dropping “Name of the Doctor” series finale, leading up to the show’s 50th Anniversary special, had been broadcast.

Such leaks, and the fanaticism of some “Doctor Who” fans, has meant that secrecy is an essential element of the show’s production – with each script watermarked with it’s owner’s name to track down who could have leaked copies, either deliberately or accidentally.

One presumes that Steven Moffat and the rest of Doctor Who’s production team in Cardiff is fuming at this latest screw-up, and the BBC has issued a statement urging fans to not ruin the fun by reading the scripts in advance:

BBC Worldwide is currently investigating a security issue around Doctor Who Series 8 where unfinished material has inadvertently been made public. We deeply regret this and apologise to all the show’s fans, the BBC and the cast and crew who have worked tirelessly making the series.

We would like to make a plea to anyone who might have any of this material and spoilers associated with it not to share it with a wider audience so that everyone can enjoy the show as it should be seen when it launches. We know only too well that Doctor Who fans are the best in the world and we thank them for their help with this and their continued loyalty.

I have made no secret of the fact that I’ve been a fan of “Doctor Who” since the early 1970s, and I’m as excited as a Taran Wood Beast about the prospect of Peter Capaldi taking over the reins of the TARDIS…

… but I do wonder what on earth is going on at the BBC if they continue to fail to keep one of the corporation’s Crown jewels properly protected from barking mad fans like me.

Doctor Who returns to TV screens on August 23rd.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

3 comments on “Doctor Who scripts leak online – fans rush to download after BBC mess-up”

  1. Sadly a quick Google of the file names you've posted above show they have already been re-shared on the web. Might have been better if you'd obscured the file names? Now anyone can search for them.


    1. Graham CluleyGraham Cluley · in reply to Charles Large

      They were all over Twitter hours before I posted my article.

      Frankly, the cat is out of the bag.

      The good news is that only fans who *want* the episodes to be spoiled will be minded to download them. Fans who wants to enjoy the show as a surprise will avoid them (and indeed the Doctor Who-related messageboards) up until August 23rd.

    2. Coyote · in reply to Charles Large

      Although Graham already covered this I'll go a bit further:

      1) He tends to redact things that should be (unless they're already fixed, for instance, and obviously this goes for security flaws – not breach of someone's privacy – he always redacts that as he should).
      2) As a general rule: once something like this happens _someone_ will have found it and taken advantage of it. Big mistake, sure but it could be a lot worse (at least they weren't exposing files that could help an attacker). But as for this blunder, there's two ways of looking at it: the other way (i.e., blind eye) or at it directly and literally. It really doesn't matter. Those who want to know the script will see (pun intended) to it. Those who don't will not. I know of much worse in the past and I'll keep the situation quiet as it was quite a long (years) ordeal and while I certainly wasn't the one responsible I knew the person who was (and lost contact many years ago)… Besides, it is quite irrelevant as it was fixed years ago. The real problem is mostly this: spiders, mirroring (and spiders do exactly that) and in general if you make something public and anyone or anything notices it, you'll need a lot of luck making it not public (especially something like this where there's bound to be MANY interested in it…).

      So no, this has nothing to do with Graham but rather has everything to do with human nature both indirectly (BBC, blunder) and directly (those abusing said blunder).

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.