Personal details of millions of UK voters were left "vulnerable to hackers" because passwords were not changed and software not updated, the UK's data privacy watchdog has found.