- Hikvision’s Million Spy Contract in China - August 21, 2023
- IT Hero Foils Extortion, Pays Dearly - August 21, 2023
- A BMW Shipped to EU With Backdoors Installed by Hackers as Part of the APT29 Group’s New Strategy - August 21, 2023
The American Bar Association (ABA) has experienced an information leak as a result of hackers infiltrating its network and gaining access to 1,466,000 members’ old login passwords.
The American Bar Association (ABA) holds the distinction of being the world’s largest organization of lawyers and legal professionals, with over 166,000 members as of 2022. Apart from providing legal services and continuing education to its members, the ABA also takes on projects to improve the American legal system.
On March 17th, 2023, the ABA detected unusual network activity and promptly launched its emergency response plan. The investigation revealed that an unauthorized third party gained access to the ABA network on or around March 6th, 2023. The ABA later disclosed that this individual had obtained usernames and hashed and salted passwords that were used to access online accounts on the previous ABA website before 2018 or the ABA Career Center after 2018.
In an email sent to affected members and obtained by BleepingComputer, the ABA clarified that no business or personal data was compromised during the incident. However, concerns were raised about the potential misuse of login credentials. The ABA disclosed that the breach impacted 1,466,000 members.
Despite not being a ransomware attack, the ABA was swift in responding to the breach, bringing in cybersecurity experts to aid in the investigation. The organization continues to monitor the situation and urges members to change their login credentials as a precaution.
What are ABA members advised to do?
The ABA advises members to modify their passwords for both this website and any other websites that share the same login information.
All ABA members are cautioned to keep an eye out for spear-phishing emails that pretend to be from the ABA since threat actors might exploit them to get access to more personal information.