Data Breach at American Bar Association exposes credentials of over 1.4 million members

Last week, the American Bar Association (ABA) began notifying members of a data breach after cybercriminals gained access to a part of its network last month.

The association said the attack was discovered on March 17. During the investigation, ABA discovered that the intruders accessed and potentially stole login credentials (usernames and hashed and salted passwords) used before 2018.

"The investigation determined that an unauthorized third party gained access to the ABA network beginning on or about March 6, 2023, and may have acquired certain information,” the notice reads.

"On March 23, 2023, the investigation identified that an unauthorized third party acquired usernames and hashed and salted passwords that you may have used to access online accounts on the old ABA website prior to 2018 or the ABA Career Center since 2018."

1,466,000 members should watch out for phishing and credential-stuffing attacks

While the security breach affected only user credentials associated with a previous version of the ABA website (now decommissioned) and the career center website, members who did not update their password during the 2018 transition should do so now; a determined cybercriminal could attempt to bypass password encryption.

“To be clear, the passwords were not exposed in plain text. They were instead both hashed and salted, which is a process by which random characters are added to the plain text password, which is then converted on the ABA systems into cybertext,” ABA explained.

Users should review and reset passwords for any other accounts that used the same login credentials.

The legal organization also said there is currently no indication that threat actors misused the stolen information.

Data breaches can turn into a nightmare for victims, from loss of privacy and money or even reputational damage.

Use Bitdefender Digital Identity to continuously monitor for exposed personal info on the web. Whenever your data shows up in legal or illegal data collections on the internet, the dedicated identity protection tool will inform you so you can immediately minimize risks.

Find out more about our security and identity protection solutions here.