American Bar Association reports data breach

Share post:

The American Bar Association (ABA) has announced a data breach that exposed the identities, hashed and salted passwords, and email addresses of over a million members.

On March 17, 2023, it found illegal third-party access and launched an incident response strategy, enlisting the help of external cybersecurity specialists to investigate. The investigation, which was finished on March 23, 2023, found that the threat actor had gained access to a decommissioned server around March 06, 2023, and collected specific client information. There was no evidence that the threat actor took any further personal information or misappropriated the disclosed data.

Despite the fact that the user credentials were hashed and salted, many users may have reused them on the new ABA website, putting their new accounts at risk. The ABA has recommended impacted customers to update their login information, including on other sites where the compromised user credentials are being used, and to enable multi-factor authentication where available.

In addition, to prevent future instances, the ABA has implemented additional security measures, such as removing the attacker from the systems and examining its network configurations. However, security experts have warned that if a weak hashing algorithm such as MD5 or SHA-1 was used, the leaked user credentials could still be cracked.

The sources for this piece include an article in CPOMAGAZINE.

SUBSCRIBE NOW

Related articles

Hackers Plant False Memories in ChatGPT to Steal User Data

A security researcher has uncovered a vulnerability in ChatGPT that could allow hackers to store false information and...

“Octo2” Trojan Targets Bank Accounts by Posing as VPN or Chrome Apps on Android

A new malware variant called “Octo2” is spreading across Android devices by posing as popular apps like NordVPN...

Evilginx – Open source tool can bypass Multi-Factor Authentication (MFA)

Security vendor Abnormal Security is reporting a new cybersecurity tool that is gaining traction among cybercriminals. The tool,...

Kaspersky’s exit from US market frightens some customers

Kaspersky, the Russian cybersecurity firm, has unexpectedly removed its antivirus software from U.S. customers' computers, replacing it with...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways