Technologist - The FindLaw Legal Technology Blog

930,000 Law Firms Passwords Exposed

When Yahoo disclosed last year that 1.5 billion accounts were hacked, it may not have troubled law firms that had their own email accounts.

The problem is that one hack leads to another, and now 1.16 million law firm email addresses have been compromised on the dark web. What's worse, 80 percent of them included their passwords.

It is a major cybersecurity issue for the 500 law firms affected in London, but what does that mean to American lawyers? It means it is likely only a matter of time before your email is hacked, too.

You've Been Hacked, Maybe

Truth be told, your email may have been hacked already. Yahoo didn't figure it out for years, and other major internet players haven't figured it out yet.

With companies like Equifax, consumers are learning almost every day that their private information is being bought and sold to identity thieves on the dark web. Lawyers should remember that clients are customers, too.

Even if law firm accounts are seemingly hack-proof, lawyers open back doors to the office all the time. It happens when they use third-party companies, like LinkedIn.

Not to pick on the popular site, but in case anybody forgot, it was hacked six years ago. Four years later, 117 million LinkedIn passwords showed up for sale on the black market.

Encrypted Email, Everyone?

It really isn't a question anymore, whether you should use encrypted email. The American Bar Association pretty much said so, encouraging lawyers to evaluate their cybersecurity measures.

"[F]act-based analysis means that particularly strong protective measures, like encryption, are warranted in some circumstances," the Standing Committee on Ethics and Professional Responsibility said.

Across the pond, London's barristers are now dealing with identity thieves who can use their information to do more damage -- like spread malware and hold client information and accounts hostage.Yeah, it's that bad.

And where did those hackers get the firms' email and passwords? According to Infosecurity Magazine, most of it came from the LinkedIn hack.

Related Resources: