Thousands of government service and CRA accounts hit by credential stuffing attack

The Government of Canada says thousands of GCKey service and Canada Revenue Agency income and business tax accounts have been slammed with multiple credential stuffing attacks.

Used by roughly 30 federal departments, GCKey lets Canadians access services like Employment and Social Development Canada’s My Service Canada Account or their Immigration, Refugees and Citizenship Canada account. The Treasury Board of Canada Secretariat says that of the roughly 12 million active GCKey accounts in Canada, the passwords and usernames of 9,041 users were obtained fraudulently and used to try to access government services. A third of those hacked accounts accessed government services and are being “further examined for suspicious activity.”


The bad news continues. Approximately 5,500 CRA accounts were targeted as part of the GCKey attack and another recent “credential stuffing” attack aimed at the CRA, according to an Aug. 15 press release. 

“Access to all affected accounts has been disabled to maintain the safety and security of taxpayers’ information and the Agency is contacting all affected individuals and will work with them to restore access to their CRA MyAccount,” it reads.

The RCMP is investigating, and the federal Privacy Commissioner has been contacted and alerted to possible breaches. But as of August 15th, it was unclear whether any information was obtained in the attack. CBC News reports that several Canadians say email addresses associated with their CRA accounts had been changed, their direct deposit information had been altered, and COVID-19 aid payments under the Canada Emergency Response Benefit had been issued in their names even though they had not applied for the benefit.

The CRA says affected users will be contacted directly. IT World Canada has reached out to the Treasury Board of Canada Secretariat to confirm the exact number of affected CRA accounts and will update the story upon confirmation.

It’s a good time to revisit your passwords, make sure none of them are the same, and check whether any of your accounts show suspicious activity.




from IT World Canada https://ift.tt/2YndNG7
