American Bar Association breached, 1.5 million member accounts exposed

The American Bar Association (ABA), a prestigious national lawyer group, confirmed its networks were penetrated last month by an unauthorized third party, compromising the member accounts of 1.5 million attorneys.

The ABA said unusual activity was detected in their network systems on March 17, which triggered an incident response plan and investigation.

The ABA said they recently sent emails to all individuals affected by incident – believed to have taken place around March 6 – to the last known email address on file.

The group said the threat actors had access to the usernames and passwords for two older online accounts.

By March 23, 2023, the ABA investigation revealed that “the unauthorized third party had acquired usernames and hashed and salted passwords that could have been used to access online accounts on the old ABA website prior to 2018 or the ABA Career Center since 2018.”

“To be clear, the passwords were not exposed in plain text,” the ABA said.

“They were instead both hashed and salted, which is a process by which random characters are added to the plain text password, which is then converted on the ABA systems into cybertext,” the ABA notice explained.

“In addition, in many instances, the password may have been the default password assigned to the user by the ABA, if the user never changed that password on the old ABA site,” the association said.

The ABA changed its login platform in 2018 and asked each user to create new credentials, but said there may be some members who used the same credentials for the new site.

The ABA also said there is no indication any personal information compromised in the attacks has been misused, but the group is encouraging individuals to change any passwords which may be the same as or similar to the original password issued.

The ABA said they are “notifying all affected individuals in an abundance of caution.”

The third party has been removed from the ABA network and the cybersecurity experts are reviewing network security configurations, the group said.

The ABA is the country's largest voluntary bar association.

There are 166,000 current members that pay dues, plus as staff of more than 1,000.