Back to Blog

UK law firms have leaked over a million email addresses (most with passwords) online

January 23, 2018

By: mirabiliscorp


By Darren Allan

January 22, 2018

80% of those email addresses had related password details

In excess of a million email addresses and hacked credentials taken from some of the UK’s foremost legal firms are floating around on the dark web, according to a new report.

To be precise, security outfit RepKnight reckons that it found almost 1,160,000 email addresses drawn from the top 500 UK legal firms, with the largest company having over 30,000 email addresses exposed on the dark web.

More worrying was the fact that 80% of those email addresses had been exposed via third-party security breaches which also contained password details – with the latter often in plaintext (i.e. not encrypted or protected in any manner).

Almost all of these details had been exposed by big third-party data breaches, incidentally. Even if the emails aren’t linked to passwords – or those passwords are properly encrypted – cybercriminals can use the email addresses themselves to potentially launch targeted spear phishing attacks with the goal of obtaining a password.

No one is safe

Patrick Martin, cybersecurity analyst at RepKnight, commented: “The truth is that no company in the world is safe from the threat of the dark web. The top 500 law firms RepKnight analysed almost certainly haven’t done anything wrong cybersecurity-wise, but all it takes for a breach to occur nowadays is for a single employee to accidentally fall for a phishing email or send sensitive data via email accidentally to the wrong person. It’s almost impossible to prevent.


Contact us

Safety is essential to your decision making. We are sure that our team can clarify any doubts. After all, we understand security.

Follow us


Contact Us
First Name*
Last Name*
Mobile Number*
Tell us what do you need* ?
Products: Hold CTRL+Click to add more than 1.* ?
I agree to the Privacy Policy and Terms of Service.