Hackers targeted thousands of CRA Accounts

The federal government is warning Canadians not to reuse old passwords after thousands of accounts, including CRA logins, were targeted in a credential stuffing attack.

Hackers obtained and attempted to use the GCKey passwords and usernames of 9,041 people, the Treasury Board of Canada Secretariat said in a statement Saturday.

GCKey is the online authentication system that allows people access to Service Canada, Refugees and Citizenship Canada and more than two dozen other government departments.

For a third of the accounts affected, the hackers were successful in accessing government services online. Those accounts will be “further examined for suspicious activity,” the statement said.

As part of that attack and another recent incident, 5,500 CRA accounts were targeted.

The federal government said all compromised accounts have been disabled and those affected are being contacted. They will receive instructions on how to restore their GCKey or CRA MyAccount access.

Credential stuffing is a form of cyberattack that relies on databases of stolen login information made available through previous data breaches. The hackers use those credentials try to gain access to different online services. 

Cyberattack compromises data of 15 million LifeLabs customers

“The Government of Canada is taking action in response to ‘credential stuffing’ attacks mounted on the GCKey service and CRA accounts,” the statement said.

“These attacks, which used passwords and usernames collected from previous hacks of accounts worldwide, took advantage of the fact that many people reuse passwords and usernames across multiple accounts.”

The federal government said it’s investigating the attacks along with the RCMP to see if there were privacy breaches or information obtained by the unauthorized users. The Office of the Privacy Commissioner has been contacted as well.


A Note from the Author:

Hackers are everywhere. It's super scary to see how easily people can be targeted and their information can be used without their permission. You can see the current CRA hack that happened. If your collecting CERB please change your passwords for CRA login immediately. I'm not a Cybersecurity expert but I understand that you do need protection.

We have a friend who's like a "Anti-Hacker" and he handles Platinum PC's cyber security.We believe he can really help you guys with your cyber security needs and should you wish to contact him please let us know and we can get you in touch.


Credit Reference: https://globalnews.ca/news/7278345/canada-hackers-credential-stuffing-attack/ 

Leave a comment