February 2, 2023

PSA: Change Your AICPA Password NOW (UPDATE)

lame stock photo of a hacker

Who penetrates networks in the dark with a hood over their head? Silly.

h/t @cbriancpa for tweeting this story out

Hackers are claiming they gained access to a database with more than 140,000 emails and passwords from the AICPA, according to Cybernews, the only outlet reporting on this as yet. We have reached out to the AICPA to confirm.

Attackers announced the breach on a popular hacking forum, saying they have a database with over 140k user data. Threat actors attached samples of the data as proof of legitimacy.

Sample data investigated by the Cybernews research team suggest that the dataset might include login details of people from all over the world, as many emails end with different country code top-level domains.

via cybernews

There’s not much information and I’m not about to go digging around on hacker forums to find it. The AICPA has 689,000 members, so it doesn’t appear everyone’s information was compromised, but go ahead and change your password on AICPA.org just to be safe (Ed. note: according to a statement provided by the AICPA which you can find below, the emails and passwords “appear to be from previously disclosed breaches of other, unrelated organizations” and are not connected to AICPA & CIMA).

This wouldn’t be the first time the AICPA has been compromised. In 2018, nefarious individuals gained access to the AICPA’s Twitter account and tweeted some crypto scam nonsense.

screenshot of the AICPA's compromised Twitter account

While I have you, allow me to take a moment to remind you not to reuse passwords; your logins should be different for every site. And don’t use common or PII-based passwords (name + birth year, for example).

I’d say use a password manager but apparently those aren’t safe anymore either.

Update: an AICPA spokesperson provided us with a statement on the Cybernews report:

We became aware of the CyberNews article earlier this week. Our IT incident response team began immediate assessment and testing of the allegedly compromised trove of emails and passwords, enlisting third-party cybersecurity firms as part of that process. We’ve concluded the hacked emails are not connected to AICPA & CIMA. They appear to be from previously disclosed breaches of other, unrelated organizations.

Unfortunately, hacking scams are increasingly common for organizations large and small. We spend a lot of time investing in our own cybersecurity to keep our members’ data safe and to provide the accounting profession with best practices and resources to support it in this area.

Change your password anyway! You can also use haveibeenpwned to check if your email has been in any known data breaches.


3 Comments

  1. This is just the latest data point showing that the AICPA desperately needs new/better leadership. This organization isn’t just sitting around watching the death of the accounting profession, they are actively contributing to it.
