October 2, 2023

PSA: Change Your AICPA Password NOW (UPDATE)

lame stock photo of a hacker

Who penetrates networks in the dark with a hood over their head? Silly.

h/t @cbriancpa for tweeting this story out

Hackers are claiming they gained access to a database with more than 140,000 emails and passwords from the AICPA, according to Cybernews, the only outlet reporting on this as yet. We have reached out to the AICPA to confirm.

Attackers announced the breach on a popular hacking forum, saying they have a database with over 140k user data. Threat actors attached samples of the data as proof of legitimacy.

Sample data investigated by the Cybernews research team suggest that the dataset might include login details of people from all over the world, as many emails end with different country code top-level domains.

via cybernews

There’s not much information and I’m not about to go digging around on hacker forums to find it. The AICPA has 689,000 members, so it doesn’t appear everyone’s information was compromised, but go ahead and change your password on AICPA.org just to be safe (Ed. note: according to a statement provided by the AICPA which you can find below, the emails and passwords “appear to be from previously disclosed breaches of other, unrelated organizations” and are not connected to AICPA & CIMA).

This wouldn’t be the first time the AICPA has been compromised. In 2018, nefarious individuals gained access to the AICPA’s Twitter account and tweeted some crypto scam nonsense.

screenshot of the AICPA's compromised Twitter account

While I have you, allow me to take a moment to remind you not to reuse passwords: your logins should be different for every site. And don’t use common or PII passwords (name + birth year, for example).

I’d say use a password manager but apparently those aren’t safe anymore either.

Update: an AICPA spokesperson provided us with a statement on the Cybernews report:

We became aware of the CyberNews article earlier this week. Our IT incident response team began immediate assessment and testing of the allegedly compromised trove of emails and passwords, enlisting third-party cybersecurity firms as part of that process. We’ve concluded the hacked emails are not connected to AICPA & CIMA. They appear to be from previously disclosed breaches of other, unrelated organizations.

Unfortunately, hacking scams are increasingly common for organizations large and small. We spend a lot of time investing in our own cybersecurity to keep our members’ data safe and to provide the accounting profession with best practices and resources to support it in this area.

Change your password anyway! You can also use haveibeenpwned to check if your email has been in any known data breaches.


3 Comments

  1. This is just the latest data point showing that the AICPA desperately needs new/better leadership. This organization isn’t just sitting around watching the death of the accounting profession, they are actively contributing to it.
