A Law Firm’s Abandoned Domain Name Can Get Used By Hackers

Security experts warn that when a law firm abandons an internet domain name (e.g. by way of a merger or by winding down), that name can be re-registered by someone else, and that someone else then has immense power to steal information and do potentially catastrophic damage. The hacker could, for example, take control of the firm’s former email services, and/or gain access to or reset passwords for online services or portals. Under some scenarios, this could allow access to stored documents and financial and personal information, including information about clients, privileged and otherwise. This post includes a detailed explanation of how this might occur and what it involves, and concludes with a list of practical tips on how a law firm, or any business that takes a new domain name, can head off the problem. Among the suggestions: Keep renewing the former firm’s domain name indefinitely,  and close all user accounts (e.g. Dropbox and PayPal) that were registered with the old email address.