Guwahati: On Saturday, hackers were able to gain access to usernames and passwords of over 9000 accounts for online government services said the Treasury Board of Canada Secretariat.
The attacks this time were targeted to the GCKey service which is used by some 30 federal departments and Canada Revenue Agency accounts as stated in the press release by the Canada Secretariat. The authorities said, “The passwords and usernames of 9,041 GCKey account holders were acquired fraudulently and used to try and access government services.”
This means that the hackers were able to gain credentials for thousands of accounts for tools that are used to access many government services. After the hackers acquired passwords and usernames, these credentials were used to try and access government services. A third of these are now being further examined for suspicious activity according to the release. Meanwhile, all the affected accounts have now been canceled.
The Treasury Board in a statement said, “The Government of Canada is taking action in response to “credential stuffing” attacks mounted on the GCKey service and CRA accounts.” The statement also added that GCKey is used by approximately 30 federal departments. Additionally, GCKey allows Canadians to access services like Employment and Social Development Canada’s My Service Canada Account or their Immigration, Refugees, and Citizenship Canada account.
Near about 5,500 Canada Revenue Agency (CRA) accounts were targeted as part of the GCKey attack and another recent “credential stuffing” attack aimed at the CRA added the official statement. An investigation is also launched by the government and the federal police to determine whether the information was obtained from these accounts and whether there was any breach of privacy as stated by authorities.
Additionally, several Canadians have already reported that their banking information associated with their CRA accounts has been altered since the beginning of August according to the Canadian Broadcasting Corporation.