Emails and passwords from the UK's top 500 law firms have been dumped in the Deep and Dark Web. Over 80% of these were linked to leaked passwords.
This is yet another incident that proves:
1. You are only as secure as the weakest link in your supply chain.
2. Professionals use their work emails to sign up for social sites (and probably other not-so-savory places, e.g. hacking sites, dating sites, etc.).
With so many moving pieces, organizations need an outside-in approach to securing their domains against attacks.
4iQ monitors thousands of dark web sites, hacktivism forums, and black markets daily for stolen credentials, leaked personal information and confidential documents, and alerts people and companies when information has been compromised.
“Legal firms have access to some of the most sensitive data imaginable about their clients – whether corporate or private. And just like any other company, they hold personal information about their employees, such as home address, contact details, bank account numbers and pension information.”

Researchers analyzed the “dark web footprints of domains belonging to the top 500 law firms in the UK, and discovered details of over 1 million hacked, leaked or stolen credentials being circulated online – an average of 2,000 email addresses per firm.” Every firm had at least 1 credential exposed, with the largest one accounting for 30,000 leaked email addresses. Most of this data made it to the dark web because legal professionals used their work emails to sign up for websites and services (like LinkedIn, MySpace, Tumblr, etc.) that were later breached.