Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Top UK Law Firms – Log-in Credentials Leaked on the Dark Web

January 23, 2018

ZDNet reported that researchers have discovered file dumps in the Dark Web containing close to 1.2 million e-mail addresses and credentials from the UK's top law firms.

On January 22nd, cybersecurity firm RepKnight released a whitepaper detailing the research. In total, 1,159,687 e-mail addresses were found in the dumps and 80 percent of the addresses were connected to leaked passwords. Worse yet, the passwords were often stored in plaintext.

The information dumps represents an average of 2,000 compromised credentials per company. The largest law firm accounted for 30,000 leaked e-mail addresses alone.

Readers, note this well: According to RepKnight, the majority of the credentials do not appear to have been stolen directly from the law firms but were collated from third-party data breaches. However, over half of the data dumps were posted in the last six months.

Given this leaked data, the bad guys can infiltrate corporate networks using legitimate credentials, potentially avoiding detection. The information may also prove useful for phishing attacks as malicious e-mails can be sent from legitimate addresses.

"The data we found represents the easiest data to find — we just searched on the corporate email domain," said Patrick Martin, cybersecurity analyst at RepKnight. "A far bigger issue for law firms is data breaches of highly sensitive information about client cases, customer contact information, or employee personal info such as home addresses, medical record and HR files. That's why — in addition to securing their networks — every firm should be deploying a Dark Web monitoring solution, so they can get alerted to leaks and breaches immediately."

For large law firms, this is very good advice indeed.

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson

Sharon D. Nelson, Esq.
President

Subscribe in a Reader

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Ride the Lightning

Top UK Law Firms – Log-in Credentials Leaked on the Dark Web

Subscribe for More!

Recent Posts

Listen to the Podcast

Disclaimer