London Marathon website goof leaks 38,000 contact details

The home addresses and personal email details of some 38,000 participants in Sunday’s London Marathon were exposed for anyone to access on the race’s official website, according to a BBC News report.

According to reports, the private information was free for anyone to access in the section of the website which allowed runners to order commemorative medals.

Celebrities who took part in the race – and whose personal details were presumably available for anyone to access – include celebrity chef Gordon Ramsay, Shadow chancellor Ed Balls, pop singer Will Young, newsreader Sophie Raworth, and stars of TV shows such as Coronation Street and The Only Way is Essex.

A member of the public stumbled across the problem, who then contacted the BBC. The BBC appears to have acted responsibly, informing the London Marathon organiser’s about the problem on Monday evening.

Sign up to our free newsletter.
Security news, advice, and tips.

Nick Bitel, chief executive of the London Marathon, apologised for the security lapse, and said that action was taken immediately to correct the problem.

“We do not believe that this has led to a substantial number of individuals’ details being accessed by members of the public,” Bitel told the BBC.

Nevertheless, questions will be asked as to how the goof could have been allowed to happen.

High profile incidents like this reinforce the need for all website developers to build sites with security in mind. The data you collect about individuals must be secured appropriately – otherwise it could be your organisation making the headlines next time.

The majority of people who take part in the London Marathon do so with the fantastic purpose of raising money for charity – the last thing they deserve is to find their personal information exposed by sloppy security by the organisers.

London Marathon runners image, from ShutterStock

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.