Researchers have discovered file dumps on the Dark Web containing close to 1.2 million email addresses and credentials from the UK's top law firms.
On Monday, cybersecurity firm RepKnight released a whitepaper detailing the research. In total, 1,159,687 email addresses were found in the dumps and 80 percent of the addresses were connected to leaked passwords. To make matters worse, the passwords were often stored in plaintext.
The information dumps, discovered by the team both in the Internet's underbelly and on paste sites, represent an average of 2,000 compromised credentials per company.
The largest law firm accounted for 30,000 leaked email addresses alone.
According to RepKnight, the majority of the credentials do not appear to have been stolen directly from the legal companies but were collated from third-party data breaches.
However, over half of the data dumps were posted in the last six months.
Email and password combinations which are used on websites such as LinkedIn, as well as other domains including corporate networks, can be used by attackers to slip past business defenses.
In 2012, LinkedIn suffered a data breach resulting in the exposure of 117 million accounts. If victims were not aware of this security incident and did not change their credentials, then it may be that these email and password combinations are still valid -- placing other accounts at risk.
Given this data, threat actors can infiltrate corporate networks using legitimate credentials, avoiding detection. The information may also prove fruitful for phishing attacks as malicious emails can be sent from legitimate addresses.
"The data we found represents the easiest data to find -- we just searched on the corporate email domain," said Patrick Martin, cybersecurity analyst at RepKnight. "A far bigger issue for law firms is data breaches of highly sensitive information about client cases, customer contact information, or employee personal info such as home addresses, medical record and HR files. That's why -- in addition to securing their networks -- every firm should be deploying a Dark Web monitoring solution, so they can get alerted to leaks and breaches immediately."