The federal government is warning Canadians not to reuse old passwords after thousands of accounts, including CRA logins, were targeted in a credential stuffing attack.
Hackers obtained and attempted to use the GCKey passwords and usernames of 9,041 people, the Treasury Board of Canada Secretariat said in a statement Saturday.
GCKey is the online authentication system that allows people access to Service Canada, Refugees and Citizenship Canada and more than two dozen other government departments.
For a third of the accounts affected, the hackers were successful in accessing government services online. Those accounts will be “further examined for suspicious activity,” the statement said.
As part of that attack and another recent incident, 5,500 CRA accounts were targeted.
STORY CONTINUES BELOW ADVERTISEMENT
The federal government said all compromised accounts have been disabled and those affected are being contacted. They will receive instructions on how to restore their GCKey or CRA MyAccount access.
Credential stuffing is a form of cyberattack that relies on databases of stolen login information made available through previous data breaches. The hackers use those credentials try to gain access to different online services.
No comments:
Post a Comment