Millions of email addresses and hacked credentials taken from many of the UK's foremost legal firms are now circulating on the dark web, according to a new report.
Specifically, security outfit RepKnight said it found about 1,160,000 email addresses drawn from the top UK law firms, with the largest having more than 30,000 email addresses exposed on the dark web.
The most worrying part is that 80 percent of the email addresses were exposed via third-party security breaches along with password details, and those password details were often in plaintext (not protected or encrypted in any form).
Incidentally, almost all of the details had been leaked through big third-party data breaches. Even if those email addresses aren’t linked with passwords – or the passwords are protected or encrypted properly – cybercriminals can still use the email addresses to launch targeted spear-phishing attacks to obtain a password.
If law firms' email addresses and password details can be leaked, no one is safe!
You think you know more about email addresses and passwords? Patric Martin, a cybersecurity analyst at RepKnight, said: “The truth is that all companies in the world are not safe from the threat of the dark web. Those top 500 legal firms, when RepKnight analyzed them, have done almost nothing wrong cybersecurity-wise, but it only takes a single employee nowadays to fall for a phishing email or accidentally send sensitive data through email to the wrong person for a breach to occur. And it’s almost impossible to prevent.
“The data found is the simplest data to find because we just searched on the corporate email domain. The more pressing problem for law firms is breaches of highly sensitive data about customer contact information, client cases and employee personal information like medical records, home addresses, and HR files.”
Martin recommends that every company operate ‘dark web monitoring’ so that it is alerted to any credential leak that spills into the corners of the dark net.