Phishing scams and data theft loom as more than 80,000 lawyer credentials found online
Internet boffins claim to have discovered a whopping 1,159,687 email addresses from the top 500 UK law firms on the Dark Web, approximately 80,000 of these from magic circle outfits.
The figures, produced by security outfit RepKnight, represent an average of 2,319 email addresses per firm. However, one unnamed firm had just over 30,000 of its email addresses dumped on the Dark Web, a section of the internet that exists on an encrypted network and cannot be found using traditional browsers such as Google Chrome or Safari.
Worryingly, the research goes on to claim that 80% of the addresses discovered on the internet’s answer to Stranger Things contained unencrypted passwords. “Cybercriminals could potentially use these passwords to gain access to other private data, like employees’ online banking or social media, via ‘credential stuffing’ or spear phishing attacks, because more than 80% of people tend to re-use their password,” warns the report.
Magic circle IT teams will be relieved to know most of this data was not extracted from the firms’ systems themselves (though we doubt this will console the lawyers affected). The report continues:
“Almost all of the credentials were from third-party breaches, where a corporate email address had been used on a site like LinkedIn or Dropbox, and that site was subsequently compromised.”
The eye-catching findings come nearly seven months after global giant DLA Piper was rocked by a ransomware attack. At the time, Legal Cheek reported that hackers had taken the firm’s computer systems and phones offline using malicious software.
Awkwardly, the attack came just weeks after the firm published a BuzzFeed-style guide to clients entitled ‘9 things you should know to protect your company from the next attack’.