Criminals already have access to credentials. Will victims have enough time to safeguard their sensitive data?
Hackers have breached the American Bar Association’s (ABA) network to obtain the outdated login information of 1,466,000 members. The breach could potentially expose the personal data of lawyers and judges across the United States.
The ABA is the largest bar association in the world, boasting 166,000 active members as of 2022. Apart from providing ongoing education and support to attorneys and judges, the association also undertakes projects aimed at improving the American legal system.
Members of the ABA were recently informed that an attacker had been discovered on the association’s network on March 17th. The criminal obtained member credentials from an obsolete system that was shut down in 2018. The association quickly reported the incident to law enforcement, and external cybersecurity experts were called in to investigate the matter. The breach highlights the importance of keeping outdated systems secure to prevent unauthorized access to sensitive information.
Here’s what was written in the letter:
“An unknown third party acquired login credentials, including hashed and encrypted passwords that you may have utilized to get into online accounts on the old ABA portal before 2018.”
The attackers were able to access the ABA’s network and obtain the outdated login information of its 1,466,000 members, which includes hashed and salted passwords. Hashing is one-way, so there is nothing to decrypt, but criminals can still try to crack the hashes offline by guessing candidate passwords and so access some of the accounts, especially if members haven’t updated their passwords in years.
Prompt password changes and the implementation of two-factor authentication (2FA) are crucial in protecting the login details of ABA members. Regardless of the scale of the breach, the platform’s owners should also initiate a password reset for all users to ensure that all accounts are secure.
The use of the same login credentials for multiple services can pose a significant problem, as attackers could gain access to the victim’s other accounts. It’s essential for ABA members to use unique passwords for each service and implement 2FA where possible to increase the security of their accounts.
As the criminals obtained personal data, ABA members were warned to be cautious when opening emails purportedly sent by the organization. The data could be used by scammers to create convincing emails to lure victims into downloading malware or providing additional sensitive information.