The American Bar Association suffered a data breach affecting 1.5 million lawyers who use its website, according to Reuters. On Thursday, April 20, the ABA announced on its website and in an e-mail to members that the breach exposed usernames and passwords used to log in to the site that was in use prior to 2018, as well as to the current Career Center site.
According to a bulletin posted on its website, the ABA noticed unusual activity on March 17 and immediately activated its incident response plan. The investigation found that the threat actor had gained access around March 6.
According to the American Bar Association's post, "To be clear, the passwords were not exposed in plain text. They were instead both hashed and salted, which is a process by which random characters are added to the plain text password, which is then converted on the ABA systems into cybertext."
Out of caution, the ABA encourages members to change their credentials.