Over 1.1m E-Mail Addresses of Top UK Law Firms Found Dumped on Dark Web

Over a million stolen e-mail addresses belonging to the top 500 law firms in the UK were found dumped on the Dark Web, including 80,000 credentials stolen from select Magic Circle firms.

Stolen credentials found on the Dark Web were obtained by hackers after compromising third-party sites like LinkedIn or Dropbox where employees posted their e-mail addresses.

The stolen credentials were discovered by security firm RepKnight using a specialised Dark Web monitoring tool named BreachAlert. Using the tool, the firm observed the presence of over 1 million e-mail addresses belonging to employees at the top 500 law firms in the UK. As many as 30,000 stolen e-mail addresses on the Dark Web belonged to a single law firm.

According to RepKnight, these e-mail addresses were obtained by cyber criminals by compromising third-party websites like Dropbox and LinkedIn that store sensitive personal information of millions of users. Their presence on the Dark Web suggests that they might be used by hackers to conduct phishing attacks on victims in the near future.

‘The top 500 law firms RepKnight analysed almost certainly haven’t done anything wrong cybersecurity-wise, but all it takes for a breach to occur nowadays is for a single employee to accidentally fall for a phishing email or send sensitive data via email accidentally to the wrong person. It’s almost impossible to prevent,’ said Patrick Martin, cybersecurity analyst at RepKnight.

‘The data we found represents the easiest data to find – we just searched on the corporate email domain. A far bigger issue for law firms is data breaches of highly sensitive information about client cases, customer contact information, or employee personal info such as home addresses, medical records and HR files. That’s why – in addition to securing their networks – every firm should be deploying a Dark Web monitoring solution, so they can get alerted to leaks and breaches immediately,’ he added.
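The search Martin describes, matching a corporate e-mail domain against dump contents, is the core of a domain-based breach monitor. The following is an added illustration written for this page, not RepKnight's BreachAlert or any SecureAuth code; the dump text, the `examplelaw.co.uk` domain and the helper names are constructed for the example. It keeps only addresses (never the password half of a line), counts repeat appearances of the same mailbox, and produces a per-domain alert summary a security team could act on.

```python
import re
from collections import defaultdict

# Constructed sample of a credential dump in the common "email:password" layout.
# All addresses and domains are fake (RFC 2606 / .example names).
SAMPLE_DUMP = """\
alice.smith@examplelaw.co.uk:Summer2017!
bob@otherfirm.example:hunter2
Carol.Jones@ExampleLaw.co.uk:letmein
dave@mail.examplelaw.co.uk:pass123
mallory@gmail.example:qwerty
eve@examplelaw.co.uk:Summer2017!
eve@examplelaw.co.uk:Autumn2017!
"""

# Domains the firm wants alerts for (assumed for the example).
MONITORED_DOMAINS = ["examplelaw.co.uk"]

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def extract_addresses(dump_text):
    """Pull e-mail addresses out of free-form dump text, lowercased.
    Only the address is kept; the password part of a line is never retained."""
    return [m.group(0).lower() for m in EMAIL_RE.finditer(dump_text)]


def in_monitored_domain(address, monitored):
    """True if the address's domain is a monitored domain or a subdomain of one."""
    domain = address.rsplit("@", 1)[1]
    return any(domain == m or domain.endswith("." + m) for m in monitored)


def find_exposures(dump_text, monitored_domains):
    """Return {monitored_domain: {address: occurrence_count}} for matching addresses."""
    monitored = [d.lower() for d in monitored_domains]
    hits = defaultdict(lambda: defaultdict(int))
    for addr in extract_addresses(dump_text):
        for m in monitored:
            if in_monitored_domain(addr, [m]):
                hits[m][addr] += 1
    return {d: dict(a) for d, a in hits.items()}


def build_alert(exposures):
    """Summarise each monitored domain; an address seen more than once across
    dump entries is flagged, since that is a reuse signal worth a forced reset."""
    alerts = []
    for domain, addrs in sorted(exposures.items()):
        repeated = sorted(a for a, n in addrs.items() if n > 1)
        alerts.append({
            "domain": domain,
            "exposed_addresses": len(addrs),
            "repeated": repeated,
        })
    return alerts


if __name__ == "__main__":
    for alert in build_alert(find_exposures(SAMPLE_DUMP, MONITORED_DOMAINS)):
        print(alert)
```

Matching on the domain rather than on a list of known staff addresses means the monitor also catches aliases and subdomain mailboxes that HR does not track, which is the point of the "search on the corporate email domain" approach.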

Even though the revelation has raised eyebrows across the UK, many in the cyber security industry aren’t surprised. In March last year, research by AXELOS revealed that despite processing a lot of sensitive data, law firms in the UK were highly vulnerable to cyber-attacks due to a lack of appropriate cyber resilience strategies.

By then, as many as 73 of the UK’s top 100 law firms were targeted by cyber-attacks, compared to just 45 in 2013-14. 84% of the 73 firms later admitted that they had been victims of phishing attacks as well.

‘First, they [law firms] need to assess how they can harden their networks against their critical vulnerabilities, and secondly, they need to educate their people through ongoing, engaging and practical cyber awareness learning. This is the best way to ensure the sector is fully prepared to protect its clients’ most valuable information,’ said AXELOS head of cyber resilience Nick Wilding.

According to James Romer, EMEA Chief Security Architect at SecureAuth, the fact that credentials of hundreds of thousands of employees at top law firms in the UK are being easily obtained by hackers ‘reinforces the weaknesses of password-based security’.

‘Any organisation relying only on passwords and usernames as an authentication protocol is being fundamentally irresponsible. Even two-factor authentication isn’t sufficient as malware and basic phishing attacks can readily be used to extract the one-time passwords from users and/or devices.

‘Modern security depends on adaptive measures that keep hackers guessing. It is important to layer such technology with adaptive authentication methods, such as IP reputation, phone number fraud prevention capabilities or behavioural biometrics. Effective security depends on layers,’ he said.
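Romer's point about layering contextual signals can be made concrete with a small risk engine. The code below is an added example for this page, not SecureAuth's Intelligent Risk Engine or any product code; the IP reputation list (an RFC 5737 test range), the per-user baseline, the signal weights and the allow / step-up / deny thresholds are all constructed and illustrative. It shows how IP reputation, device familiarity, location, a behavioural-biometrics similarity score and brute-force velocity combine into one decision, so that a correct password presented from a risky context still triggers a stronger challenge or a block.

```python
import ipaddress
from dataclasses import dataclass

# Constructed stand-in for an IP reputation feed: RFC 5737 TEST-NET-3 plays the
# role of a network with a history of abuse.
BAD_IP_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed per-user baseline: usual sign-in country and enrolled device ids.
USER_BASELINE = {
    "alice": {"country": "GB", "devices": {"laptop-1234"}},
}

# Illustrative weights and thresholds (assumed, not a product setting).
WEIGHTS = {
    "bad_ip": 40,
    "unknown_device": 30,
    "country_mismatch": 25,
    "behaviour_mismatch": 25,
    "brute_force": 30,
}
STEP_UP_AT = 30   # score at which a stronger factor is required
DENY_AT = 70      # score at which the attempt is refused outright


@dataclass
class LoginContext:
    username: str
    source_ip: str
    device_id: str
    country: str
    behaviour_similarity: float   # 0.0-1.0 from a behavioural-biometrics model (assumed)
    failed_attempts_last_hour: int


def ip_is_bad(ip_text):
    """True if the source address falls inside a network on the reputation list."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in BAD_IP_NETWORKS)


def risk_signals(ctx):
    """Return the names of the contextual risk signals that fire for this attempt."""
    baseline = USER_BASELINE.get(ctx.username, {"country": None, "devices": set()})
    signals = []
    if ip_is_bad(ctx.source_ip):
        signals.append("bad_ip")
    if ctx.device_id not in baseline["devices"]:
        signals.append("unknown_device")
    if baseline["country"] is not None and ctx.country != baseline["country"]:
        signals.append("country_mismatch")
    if ctx.behaviour_similarity < 0.5:
        signals.append("behaviour_mismatch")
    if ctx.failed_attempts_last_hour >= 5:
        signals.append("brute_force")
    return signals


def risk_score(ctx):
    """Additive score over the fired signals; the layers reinforce each other."""
    return sum(WEIGHTS[s] for s in risk_signals(ctx))


def decide(ctx):
    """Map the score to an outcome. 'step_up' means the user must satisfy an
    additional, preferably phishing-resistant, factor before access is granted."""
    score = risk_score(ctx)
    if score >= DENY_AT:
        return "deny"
    if score >= STEP_UP_AT:
        return "step_up"
    return "allow"


if __name__ == "__main__":
    attempts = [
        LoginContext("alice", "198.51.100.10", "laptop-1234", "GB", 0.9, 0),
        LoginContext("alice", "198.51.100.10", "phone-9999", "GB", 0.9, 0),
        LoginContext("alice", "203.0.113.5", "phone-9999", "RU", 0.2, 0),
    ]
    for ctx in attempts:
        print(ctx.source_ip, ctx.device_id, risk_signals(ctx), risk_score(ctx), decide(ctx))
```

Because the signals are additive, no single check has to be perfect: a stolen password plus a familiar device from the usual country passes quietly, while the same password from an unknown device on a flagged network with mismatched typing behaviour is refused before any one-time code is ever sent.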

This article first appeared on January 23, 2018 at TEISS
