The significance of setting strong and unique passwords for every account online echoed through a recent data breach at the Canadian government’s online portals. The attack brought down their online portals last weekend with around 300,000 account access oriented attack attempts on over 24 government systems.
CIO Marc Brouillard notified that they had first spotted the attack on Saturday morning when a CRA (Canadian Revenue Agency) portal was directly targeted with botnet induced endless traffic. To stop the credential stuffing attack from causing much harm, they had to shut down the CRA portal.
Consequently, over 11,000 tax and other personal accounts were compromised. However, Scott Jones from the Canada Centre for Cyber Security remarked that the adversaries had these credentials from a previous non-government attack. Perhaps the users whose accounts were compromised continued to use the same passwords for accounts of government of Canada portals. There are users whose accounts remained unaffected by this breach because of healthy password habits.
The Canadian government calls this a “front door” attack as the account holders had their usernames and passwords compromised in a previous attack and not from the Canadian government accounts. No comments have been made on the origin of the attack – the RCMP is still investigating the matter. They hope to have the portal back and running by Wednesday. The data breach helped find and resolve a vulnerability in government security software, ensuring that no such loopholes attract attackers.
While a government works with its security experts to secure a portal from hackers, users must also do their part and take necessary precautions. It is always recommended to use different passwords for different accounts. Changing passwords regularly and using strong passwords are other essential security practices. A hack of an account on one portal should not compromise your online data on all other websites. Hence, the need for unique passwords!