Ride the Lightning

ABA Reports That 1.5 Million Member Accounts Were Hacked

April 25, 2023

Bloomberg Law reported on August 21 that a hacker stole 1.5 million American Bar Association account usernames and passwords in March.

The security breach of ABA’s network affected account information used to access the association’s pre-2018 website and the career center website, the ABA stated in an email to affected account holders. Stolen passwords were encrypted, according to the ABA.

The ABA is advising users who didn’t change their credentials during the 2018 transition to a new website log-in platform to update their passwords.

Information in member profiles—which generally can include members’ names, addresses, contacts, bar admissions, education, demographics, and credit card data—wasn’t stolen or accessed, an ABA spokesperson said.

There is “no indication” that the personal information of account holders was misused by the hacker, the ABA said.

“To be clear, the passwords were not exposed in plain text. They were instead both hashed and salted, which is a process by which random characters are added to the plain text password, which is then converted on the ABA systems into cybertext,” Annaliese Fleming, senior associate executive director and general counsel for ABA, wrote.

The ABA said it removed the unauthorized actor and is reviewing its network security configurations.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225, Fairfax, VA 22030
Email:   Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson