Attackers claim to have stolen 140k AICPA accountants’ emails and passwords

Threat actors say they have a database with over 140k email addresses and corresponding passwords from the American Institute of Certified Public Accountants (AICPA). The organization said hacked emails did not belong to them.

Attackers announced the breach on a popular hacking forum, saying they have a database with over 140k user data. Threat actors attached samples of the data as proof of legitimacy.

Sample data investigated by the Cybernews research team suggest that the dataset might include login details of people from all over the world, as many emails end with different country code top-level domains.

On Tuesday, we reached out to AICPA via a form on the organization’s website.

“Our IT incident response team assessed the allegedly compromised trove of emails and passwords, enlisting third-party cybersecurity firms as part of that process. We’ve concluded the hacked emails are not connected to the AICPA. They appear to be from previously disclosed breaches of other, unrelated organizations,” the organization told Cybernews in a written statement on Thursday.

Losing account login details creates significant security risks as attackers may take over an exposed account. Threat actors might also comb the web to find if affected users reuse the same password on other accounts.

AICPA leak
Attackers announcing the leak. Image by Cybernews.

Creating a strong password is an essential step to safeguard against unwanted attention. Users are advised to use multi-factor authentication (MFA) and avoid reusing passwords on multiple accounts.

Our research team has also combined a list of the weakest passwords, so you would know what type of mistakes to avoid.

AICPA is the national professional organization for Certified Public Accountants (CPAs) in the US. The organization also develops accounting standards and promotes international convergence.

AICPA has over 420k members in 130 countries, as non-US accountants dealing with American companies might need to pass exams to qualify as CPA.

More from Cybernews:

US ramps up space cyber defenses eyeing private businesses

Norton, Avira, Avast, AVG affected by a privilege escalation bug

Severance for fired Twitter employees? More like settlement agreements, lawyer says

Maritime software company admits to cyberattack

Lawtech entrepreneur offers to pay $1M for using AI in court

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked