Please ensure Javascript is enabled for purposes of website accessibility

PSA: Change Your AICPA Password NOW (UPDATE)

Posted on by Adrienne Gonzalez
lame stock photo of a hacker

Who penetrates networks in the dark with a hood over their head? Silly.

h/t @cbriancpa for tweeting this story out

Hackers are claiming they gained access to a database with more than 140,000 emails and passwords from the AICPA according to Cybernews, the only outlet reporting on this as yet. We have reached out to the AICPA to confirm.

Attackers announced the breach on a popular hacking forum, saying they have a database with over 140k user data. Threat actors attached samples of the data as proof of legitimacy.

Sample data investigated by the Cybernews research team suggest that the dataset might include login details of people from all over the world, as many emails end with different country code top-level domains.

via cybernews

There’s not much information and I’m not about to go digging around on hacker forums to find it. The AICPA has 689,000 members so it doesn’t appear everyone’s information was compromised, go ahead and change your password on AICPA.org just to be safe (Ed. note: according to a statement provided by the AICPA which you can find below, the emails and passwords “appear to be from previously disclosed breaches of other, unrelated organizations” and are not connected to AICPA & CIMA).

This wouldn’t be the first time the AICPA has been compromised. In 2018, nefarious individuals gained access to the AICPA’s Twitter account and tweeted some crypto scam nonsense.

screenshot of the AICPA's compromised Twitter account

While I have you, allow me to take a moment to remind you not to reuse passwords, your logins should be different for every site. And don’t use common or PII passwords (name + birth year, for example).

I’d say use a password manager but apparently those aren’t safe anymore either.

Update: an AICPA spokesperson provided us with a statement on the Cybernews report:

We became aware of the CyberNews article earlier this week. Our IT incident response team began immediate assessment and testing of the allegedly compromised trove of emails and passwords, enlisting third-party cybersecurity firms as part of that process. We’ve concluded the hacked emails are not connected to AICPA & CIMA. They appear to be from previously disclosed breaches of other, unrelated organizations.

Unfortunately, hacking scams are increasingly common for organizations large and small. We spend a lot of time investing in our own cybersecurity to keep our members’ data safe and to provide the accounting profession with best practices and resources to support it in this area.

Change your password anyway! You can also use haveibeenpwned to check if your email has been in any known data breaches.

Related Posts

Local Man Sentenced For Accountant Hate Crime

Accountants are a favorite target for blamestorming when your financial situation takes a turn for the worse. Given. However, when a financial ignoramus’s blame manifests itself into physical abuse – especially by faux-celebs – toward his/her accountant (who could also possibly be an ignoramus) that is when an accountant hate crime has occurred, which any functioning society will not tolerate:

Joe Bruner will serve 11 months and 29 days in the county jail for attacking his accountant.

He will also be required to take anger management classes, submit to drug and alcohol evaluation, give up any weapons he has and avoid contact with Wayne Montgomery, the victim.

Circuit Court Judge John Brown imposed the sentence Monday after Bruner, the former owner of Big Kahuna’s water park, spoke at length about his IRS problems, Montgomery’s qualifications as a CPA and a State Attorney’s Office plot against him.

“Mr. Bruner seems to be blaming everyone else for his actions,” prosecutor LaShawn Riggins noted. “He has an excuse for everything.”

Bruner, 57, a former professional football player, was convicted Aug. 20 of felony battery for punching Montgomery several times at a July 21, 2009 business meeting at Bruner’s house.

The conviction was a felony because Bruner had a history of assaulting people. Brown rattled off five other occasions between 2001 and 2010 in which Bruner had faced charges for violence-related incidents.

Bruner gets jail time for assaulting accountant [NWDailyNews]

Some Feedback for PwC

From a source at 300 Mad House:

“I just took the firm wide pulse survey and I laid into them. I told them to stop falsely advertising work life balance.”

Not being intimately familiar the work/life whathaveyous that comes by way of Bobby Mo emails but acutely aware of the motivation techniques employed, we can understand the frustration. Especially judging by some of your reactions to last week’s number. If you feel like sharing your feedback for the year that was at P. Dubs, let it rip.

3 thoughts on “PSA: Change Your AICPA Password NOW (UPDATE)

  2. This is just the latest data point showing that the AICPA desperately needs new/better leadership. This organization isn’t just sitting around watching the death of the accounting profession, they are actively contributing to it.

Comments are closed.