If you use the same password on multiple websites, the feds say it’s time to diversify.
In a statement on Saturday, the government revealed that hackers had recently used previously-obtained usernames and passwords to try and log into several services – including CRA accounts.
The information had been collected from 9,041 people through hacks involving other websites. The hackers apparently assumed that some of these people would be using the same password across multiple places – including government sites. This hacking technique is called “credential stuffing”.
The government says it began disabling accounts as soon as the threat was discovered.
If your account was affected, they’ll let you know.
The attacks targeted the GCKey service, which helps people log into their accounts with various federal departments.
In the cases of about 3,000 people, the hackers were able to access services. The government has disabled these accounts and is examining them for signs of suspicious activity.
Of the more than 9,000 people targeted, about 5,500 of them saw their CRA accounts under attack.
Again, the feds say these accounts have been disabled.
It is not yet known if anyone’s privacy has been breached.
For the full statement, click here.
For tips on how best to protect your internet passwords, click here.