January 22, 2018
80% of those email addresses had related password details
In excess of a million email addresses and hacked credentials taken from some of the UK’s foremost legal firms are floating around on the dark web, according to a new report.
To be precise, security outfit RepKnight reckons that it found almost 1,160,000 email addresses drawn from the top 500 UK legal firms, with the largest company having over 30,000 email addresses exposed on the dark web.
More worrying was the fact that 80% of those email addresses had been exposed via third-party security breaches which also contained password details – with the latter often in plaintext (i.e. not encrypted or protected in any manner).
Almost all of these details had been exposed by big third-party data breaches. Even if the emails aren’t linked to passwords – or those passwords are properly encrypted – cybercriminals can still use the email addresses themselves to launch targeted spear phishing attacks with the goal of obtaining a password.
No one is safe
Patrick Martin, cybersecurity analyst at RepKnight, commented: “The truth is that no company in the world is safe from the threat of the dark web. The top 500 law firms RepKnight analysed almost certainly haven’t done anything wrong cybersecurity-wise, but all it takes for a breach to occur nowadays is for a single employee to accidentally fall for a phishing email or send sensitive data via email accidentally to the wrong person. It’s almost impossible to prevent.