Strangers had access to thousands of Canadian tax authority accounts
Photo: imago stock & people / imago / ZUMA PressStrangers have gained access to thousands of government user accounts in Canada. The Canadian tax authorities announced on Saturday. More than 9,000 accounts of the so-called GCKey service, through which citizens access the online services of dozens of Canadian authorities, are affected. In addition, around 5500 other user accounts of the tax authority are affected.
The authority claims to have blocked all affected accounts after the hacker attack became known. Police and the government opened an investigation to see if sensitive information was obtained in the attack.
As the state broadcaster CBC reports, several citizens had noticed in recent weeks that the e-mail addresses and bank information in their user accounts had been changed and Corona aid had been applied for on their behalf.
Recycled passwords as a gateway
The attack was a so-called credential stuffing attack, said a spokesman for the authorities. Accordingly, the perpetrators did not exploit any technical weaknesses in the government services, but rather the fact that many users use the same password for several services.
In such an attack, log-in data already circulating in the network from old hacks of other websites are used and automatically applied to a new target, in this case the Canadian government services.
The case shows once again how dangerous it is to use the same password for several online offers. If you want to protect yourself against such attacks, you should therefore create a separate, secure password for each service and keep it in a password safe. Here we introduce some of these services. In addition, it is worthwhile to use offers such as Have I Been Pwnd or the Identity Leak Checker from the Hasso Plattner Institute in Potsdam. These provide information about the known data leaks in which you already appear with your log-in data.
Icon: The mirrorply / AFP