The American Bar Association said last night that an unauthorized hacker gained access to the ABA network and may have acquired usernames and salted and hashed passwords that members would have used to access a prior version of the website.
In a statement, the ABA said:
“On March 17, 2023, the ABA observed unusual activity on its network. The association immediately activated its incident response plan and retained outside cybersecurity experts to assist with the investigation. The investigation determined that an unauthorized third party gained access to the ABA network and may have acquired usernames and salted and hashed passwords to access accounts on a prior version of the ABA website, which was replaced by a new platform in 2018. These older usernames and salted and hashed passwords may provide access to the current ABA Career Center. The passwords were not exposed in plain text. For many individuals, the password may have been the default password assigned by the ABA when the account was created. No sensitive personal or financial information was breached.”
Hashing is a method of storing users’ passwords as the output of a one-way function rather than as plain text, so they are more secure. Salting is a method of further protecting that data from attack by adding random data to the input of the hash function.
The ABA said that it had yesterday sent notification emails to members with additional information about the incident and steps they can take to monitor and protect their personal information.
The ABA has established a toll-free call center to answer questions about the incident and related concerns. It is 1-888-411-8698, and is available Monday through Friday from 9 a.m.-9 p.m. Eastern Time.