Law Firm report – FAQ

By 24th January 2018News

We’ve had a lot of interest in our report on the Dark Web footprints of the Top 500 law firms, which has been widely reported.  Here are some answers and clarifications to the common questions we’ve been getting.

Have all these law firms been hacked?

No.  As far as we know, none of these law firms has been hacked.

As our report states, “These breaches are not the fault of the law firm, and there’s no suggestion that the firm’s networks have been hacked.”

The vast majority of credentials included in our report originated from breaches of unconnected third-party websites, like Adobe, LinkedIn, DropBox and many others.

I’m a client of one of those law firms.  Should I be worried?

No.  We’ve seen nothing to indicate that any of your data has been breached or lost.

But just like every other company, you’ll probably find many of your email addresses, together with passwords leaked from other sites, are circulating on the Dark Web.  That’s why we think companies should be proactively monitoring for this information.

As a first step, we’d recommend you check at the excellent Haveibeenpwned website to see if your own email address has been compromised.  It’s free, and you can set up alert notifications to let you know of any future breaches too.

If you’d like RepKnight to run a check on your own company domain, please drop us an email at

Why have you picked on the law firms?

Simple.  We’re presenting findings from the report at an IT security conference this week – Securing the Law Firm

We don’t see much of a difference between law firms and any other industry segment – the average mid-size company typically has thousands of credentials exposed.

And we do believe that law firms should be proactively monitoring the Dark Web to see if their data – or their client’s data – has been leaked, hacked, or stolen.

All our email addresses are on our website anyway.  So what’s the big deal?

Around 80% of the 1.16 million email addresses we found were in breaches where a password was also provided.

We hope it’s not the same password that you use for your work account.

But like most people, you’ve probably used the same password across multiple websites.  The bad guys will use automated software to try to login to loads of other sites using those same credentials: Paypal, Ebay, Amazon, you name it.  It’s called “credential stuffing”.

So how would I find out if my company or client data had been breached?

Great question.  We’d recommend proactively monitoring for that information using our BreachAlert web application.  It can be set up in a few minutes, and provides you with instant alerts if any of your search terms turn up on the Dark Web, or hundreds of other dump and paste sites used to exchange leaked, hacked or stolen data.