Thousands of user accounts for online government services in Canada were recently hacked during cyberattacks, Canadian authorities have announced.
According to a statement, "The Government of Canada is taking action in response to “credential stuffing” attacks mounted on the GCKey service and CRA accounts. These attacks, which used passwords and usernames collected from previous hacks of accounts worldwide, took advantage of the fact that many people reuse passwords and usernames across multiple accounts."
Fausto Oliveira, Principal Security Architect at Acceptto, notes that, “Credential stuffing is a pervasive security issue caused by the complexity of today's authentication mechanisms that still rely on a password. Users today have access to hundreds, if not thousands, of services each requiring a password and as such credential re-use if often common. Once a hacker has gained access to one of the services they can try to attack other services by re-using the password and gain access to further information for example by hacking the user's email, internet provider accounts, etc."
Read the rest of the Security Magazine article