X

1.2 Million Law Firm Email Addresses Listed on Dark Web

Summary: A British cybersecurity company said that over a million UK law firm emails are readily available to find on the Dark Web.

On Monday, a cybersecurity company revealed that over a million law firm emails were floating around the Dark Web. Many of those emails were obtained from third-party breaches, according to RepKnight which released the report.

RepKnight, a UK-based software company, released a white paper on Monday that there were file dumps on the Dark Web that had information from the country’s top law firms. According to the report, 1,159,687 email addresses were listed online, and 80% of those addresses were connected to leaked passwords.

“The data we found represents the easiest data to find — we just searched on the corporate email domain,” Patrick Martin, cybersecurity analyst at RepKnight, told ZD Net. “A far bigger issue for law firms is data breaches of highly sensitive information about client cases, customer contact information, or employee personal info such as home addresses, medical record and HR files. That’s why — in addition to securing their networks — every firm should be deploying a Dark Web monitoring solution, so they can get alerted to leaks and breaches immediately.”

RepKnight said that the majority of the emails and passwords appeared to be hacked from third parties and not taken directly from the law firms. ZD Net said that hackers can bypass law firm security systems and take information from sites such as LinkedIn.

“In 2012, LinkedIn suffered a data breach resulting in the exposure of 117 million accounts. If victims were not aware of this security incident and did not change their credentials, then it may be that these email and password combinations are still valid — placing other accounts at risk,” ZDNet wrote. “Given this data, threat actors can infiltrate corporate networks using legitimate credentials, avoiding detection. The information may also prove fruitful for phishing attacks as malicious emails can be sent from legitimate addresses.”

RepKnight’s research showed that on average, 2,000 emails were leaked per UK firm.

While the majority of law firms list their staff and attorneys’ emails online anyway, RepKnight’s report is troubling because the emails listed on the dark web were also accompanied by passwords. However, it is noted that even without passwords, hackers can use email addresses to phish or impersonate someone.

Cybersecurity is a huge issue for law firms. Law firms have huge amounts of electronic data, which includes contracts, bank records, and medical records, and hackers frequently target them for this reason. While most major law firms have some sort of cybersecurity system in place, they can still be susceptible to attacks.

What do you think of RepKnight’s report? Let us know in the comments below.

Teresa Lo: