CRA disables online services after 'credential stuffing' cyberattack
The Canada Revenue Agency's website was just hit with a "credential stuffing" cyberattack, giving hackers access to 9,041 users' usernames and data. The Government of Canada temporarily shut down access to its online services as the bad actors tried to access GC's services. Approximately 5,500 GCKey service and CRA accounts were affected by this attack and another recent credential stuffing attack.
The attacks use passwords and usernames taken from previous hacks of accounts globally, taking advantage of the fact that many people reuse passwords and usernames on multiple accounts. Here's another reminder to please use different usernames and passwords for different accounts.