Thousands of Canadian Gov’t Accounts Hacked, Lessons Learned from this Attack
Thousands of Canadian Gov’t Accounts Hacked, Lessons Learned from this Attack The Government of Canada recently confirmed that thousands of Canadian Government accounts had been hacked. In a statement issued last August 15th, the Treasury Board of Canadasaid that the attackers zeroed-in the government's GCKey system – a single sign-on (SSO) system used by 30 Canadian federal departments for the public to access different government services, including employment, citizenship, social services such as access to Covid-19 relief programs. GCKey is also used as an alternative access route to login to the Canadian Revenue Agency (CRA) systems. Credential Stuffing Attack In the August 15th statement released by the Treasury Board of Canada, out of 12 million GCKey accounts, 9,041 accounts were compromised via the cyberattack called "credential stuffing". In a credential…