Hackers Access 1.4 Million ABA Members’ Credentials

The largest association of lawyers and legal professionals, the American Bar Association (ABA), has suffered a data breach after hackers compromised its network and gained access to credentials for 1,466,000 members. The ABA notified members that a hacker was detected on its network on March 17, 2023, and may have gained access to members’ login credentials for a legacy member system decommissioned in 2018. On March 23, 2023, the investigation notified ABA’s members that an unauthorized third party acquired usernames and hashed and salted passwords they may have used to access online accounts on the old ABA website or the new ABA Career Center. “Hashed and salted” means that these credentials were converted into cybertext by adding random characters to the plaintext password. Despite hashing and salting, it is still possible for threat actors to dehash the passwords over time. 

There is a concern that some members may have used the same login information for the new member system, which could potentially allow hackers to gain access to the current ABA membership portal. If these login details are also used on other websites, it is possible that the hackers could access those accounts too. To prevent this from happening, the ABA is advising members to change their passwords immediately if they have used the same password for multiple accounts. Furthermore, the ABA is cautioning its members to be on the lookout for spear-phishing emails that impersonate the ABA, as these could be used by threat actors to gain access to personal information.