Worryingly, the research goes on to claim that 80% of the addresses discovered on the internet’s answer to Stranger Things contained unencrypted passwords. “Cybercriminals could potentially use these passwords to gain access to other private data, like employees’ online banking or social media, via ‘credential stuffing’ or spear phishing attacks, because more than 80% of people tend to re-use their password,” warns the report.
Magic circle IT teams will be relieved to know most this data was not extracted from the firms’ systems themselves (though we doubt this will console the lawyers affected). The report continues:
“Almost all of the credentials were from third-party breaches, where a corporate email address had been used on a site like LinkedIn or Dropbox, and that site was subsequently compromised.”
The eye-catching findings come nearly seven months after global giant DLA Piper was rocked by a ransomware attack. At the time, Legal Cheek reported that hackers had taken the firm’s computer systems and phones offline using malicious software.
Awkwardly, the attack came just weeks after the firm published a BuzzFeed-style guide to clients entitled ‘9 things you should know to protect your company from the next attack’.”
Source Legal Cheek https://www.legalcheek.com/