Thousands of CRA accounts breached following pair of cyberattacks | CBC News:
Attacks based on reused usernames, passwords
The
incidents are a type of attack known as “credential stuffing,” the
Treasury Board’s Office of the Chief Information Officer shared in a
statement.
“These attacks, which used passwords and usernames
collected from previous hacks of accounts worldwide, took advantage of
the fact that many people reuse passwords and usernames across multiple
accounts.”
Aside
from CRA accounts, thousands of others linked to GCKey — a secure portal
that allows Canadians to access government services online — were also
affected.
“Of the roughly 12 million active GCKey accounts in
Canada, the passwords and usernames of 9,041 users were acquired
fraudulently and used to try and access government services, a third of
which accessed such services and are being further examined for
suspicious activity,” the statement read.
Thousands of CRA accounts breached following pair of cyberattacks | CBC News: Attacks based on reused usernames, passwordsThe
incidents are a type of attack known as “credential stuffing,” the
Treasury Board’s Office of the Chief Information Officer shared in a
statement.“These attacks, which used passwords and usernames
collected from previous hacks of accounts worldwide, took advantage of
the fact that many people reuse passwords and usernames across multiple
accounts.”Aside
from CRA accounts, thousands of others linked to GCKey — a secure portal
that allows Canadians to access government services online — were also
affected.“Of the roughly 12 million active GCKey accounts in
Canada, the passwords and usernames of 9,041 users were acquired
fraudulently and used to try and access government services, a third of
which accessed such services and are being further examined for
suspicious activity,” the statement read.Read More