This article is advertising content.

A Message From Thomson Reuters Small Law

1.4 Billion Leaked Passwords Are on the Dark Web--Are Your Firm's Among Them?


There’s an under-reported issue that should alarm you: Chances are the credentials of someone at your law firm are floating around the dark web. Consider these recent reports by cybersecurity firms:

  • In December, 4iQ discovered a file on the dark web with 1.4 billion clear-text credentials – in layman’s terms that means log-in information, like emails and their passwords, which anyone can read.1

  • In January, RepKnight found 1.16 million addresses from London’s largest firms and 80% of them - that’s about 930,000 - came with passwords. What might RepKnight have discovered if they were looking for the credentials of U.S. law firms?

Here’s why this is a big deal: The dark web is where cyber criminals share information, and when cyber criminals have your emails and passwords, it’s a breeze for them to:

  • Steal confidential information. You may think that you don’t have anything that would interest hackers – but any private information, like social security numbers, is valuable. So are your matter details. Consider the case of three men who, according to The New York Times,2 made millions by breaching emails of partners at two prestigious law firms. These emails revealed merger and acquisition details, which they used to purchase stock that they sold after the deals were announced.

  • Install ransomware, which blocks access to your computer until you pay a ransom. Calling it a “ransom” is a misnomer, though, because even if you pay there’s no guarantee you’ll get your data back – about half who pay don’t, according to the CyberEdge Group, a high-tech research and marketing firm.3 Worse yet, paying the ransom could break the law should the cybercriminals be connected to a sanctioned criminal organization or nation-state, according to Paul Rosen, former chief of staff of the Department of Homeland Security.4

Regardless of whether you pay, ransomware can be very expensive. Moses Afonso Ryan, a 10-lawyer Rhode Island firm, lost $700,000 in billings to ransomware that disabled their computer network for three months.

So what can you do to protect yourself?

  • Start backing up your files outside of your own server because:

    • On-premise servers are attacked more than twice as much as vendor-based servers.5

    • You may overlook remote files when you’re only focused on what’s in the office. Consider the thoughts of Steve Piper, co-founder and CEO of CyberEdge Group, a research and marketing firm. He pointed out to Legaltech News that remote devices just aren’t backed up as frequently as others. Piper also points out that backing up all your files – on-premise and remote – takes away the power of the cybercriminals.

      “If you back up your devices, when you’re affected by ransomware or ransomware locks the data, then you can wipe the disk clean, reimage the disk, and restore your data,” he explains.

      In other words, you’ll keep moving forward without missing a beat or having to pay a dime.


    The easiest way to achieve this is by backing up your files into the cloud, which these days can provide far higher security at a much better value than an on-premise system. Find out more details and what to look for here: Is Your Law Firm Safe? Five Most Important Cloud Security Measures and Cloud Computing for Small Law Firms.

  • Install a password manager now. These create long and complicated passwords for all of your online accounts; all you need to do is remember a single password. Consumer Reports recommends using brands like 1Password, Dashlane, KeePass, and LastPass.6

You’ve been warned. Now it’s up to you to do something about the very real risk that you (and your firm) face. Know that by choosing not to act, you make it all too easy for hackers to access your client data and everything that your law firm depends on. Is that a risk you’re willing to take? To find out more about how to optimally protect yourself, take a minute to check out: Is Your Law Firm Safe? Five Most Important Cloud Security Measures and Cloud Computing for Small Law Firms.


1. Casal, Julio. “1.4 billion Clear Text Credentials Discovered in a Single Data Breach,” December 8, 2017. https://medium.com/4iqdelvedeep/1-4-billion-clear-text-credentials-discovered-in-a-single-database-3131d0a1ae14

2. Picker, Leslie. “3 Men Made Millions.” The New York Times, December 27, 2016.

3. Dipshan, Rhys. “Biggest Gamble After a Ransomware Attack? Actually Paying the Ransom.” Legaltech News, March 16, 2018.

4. Ibid.

5. Alert Logic

6. Chaikivsky, Andrew. “Everything You Need to Know About Password Managers,” Consumer Reports, February 7, 2017.
