Log In
Register
Home
Topic RSS
Facebook
Twitter
Email this1:49 pm
January 12, 2019
Offline
.
Today's CBC article: https://www.cbc.ca/news/politics/canada-revenue-agency-cra-cyberattack-1.5688163
I just checked my account ... all looks OK.
-
Dean
" Live Long, Healthy ... And Prosper! "
1:57 pm
April 6, 2013
Offline
Looks like some taxpayers used the same password for their CRA account as they used at some other site.
Other site was compromised and hackers found the same password also worked for the victim's CRA account! 
CRA account should be fine if it has a different password:
…
The incidents are a type of attack known as "credential stuffing," the Treasury Board's Office of the Chief Information Officer said in a statement.
"These attacks, which used passwords and usernames collected from previous hacks of accounts worldwide, took advantage of the fact that many people reuse passwords and usernames across multiple accounts."
Aside from CRA accounts, thousands of others linked to GCKey — a secure portal that allows Canadians to access government services online — were also affected.
"Of the roughly 12 million active GCKey accounts in Canada, the passwords and usernames of 9,041 users were acquired fraudulently and used to try and access government services, a third of which accessed such services and are being further examined for suspicious activity," the statement read.
…
2:08 pm
January 12, 2019
Offline
Norman1 said
Looks like some taxpayers used the same password for their CRA account as they used at some other site.
Other site was compromised and hackers found the same password also worked for the victim's CRA account!
CRA account should be fine if it has a different password.
Sadly, it's a common mistake (bad habit) some people make. 
Laziness with passwords, can cost you; A Lot O' Grief ❗
- Dean
" Live Long, Healthy ... And Prosper! "
4:01 pm
May 20, 2016
Offline
CRA login is down.
8:23 pm
February 27, 2018
Offline
If i remember correctly... didn't a forum member raise this concern a week or so ago? Their post dealt with, if they log into their cra account using their bank log in data, then their bank and their cra account can be breached because the same password data is being used.
If they used their bank log in data only for their bank and a cra my account password. The two entities would remain separate.
9:41 pm
April 6, 2013
Offline
That's only true if one uses the same password at the bank and at CRA separately.
That is not how the sign-in partner system works at CRA. With the system, CRA never has a copy of the password. One actually signs into the bank first and the bank vouches for the person to CRA.
It is secure as long as one does not use that banking password for some unregulated site, like that a bitcoin exchange or some free e-mail site. That would result in another copy of the password stored in a place that is likely easier for hackers to reach undetected than within CRA or within the bank.
If instead the hackers get onto one's home computer and install a keyboard sniffer, then it doesn't matter if one uses different passwords. Over a course of months, the hackers will be able to sniff all the password used.
6:34 am
March 30, 2017
Offline
Norman1 said
That's only true if one uses the same password at the bank and at CRA separately.That is not how the sign-in partner system works at CRA. With the system, CRA never has a copy of the password. One actually signs into the bank first and the bank vouches for the person to CRA.
It is secure as long as one does not use that banking password for some unregulated site, like that a bitcoin exchange or some free e-mail site. That would result in another copy of the password stored in a place that is likely easier for hackers to reach undetected than within CRA or within the bank.
If instead the hackers get onto one's home computer and install a keyboard sniffer, then it doesn't matter if one uses different passwords. Over a course of months, the hackers will be able to sniff all the password used.
yeah the CRA partner login partner feature is still better than the separate CRA feature in my mind. Basically if someone hacks your bank password in order to access CRA, they would have done something to your bank account as well, which can be setup to have real time text alert to your phone, etc
10:34 am
January 12, 2019
Offline
davidgeorge said
CRA login is down.
I just checked ... it's Still not available.
Hopefully, it'll be available by Monday.
- Dean
" Live Long, Healthy ... And Prosper! "
10:51 am
October 21, 2018
Offline
The hacked accounts were tied to GCKey, which I had never heard of. Apparently it's yet another means to access GOC websites.
1:40 pm
January 12, 2019
Offline
.
Update, as of 2:05 pm CST today ➡ https://winnipeg.ctvnews.ca/canada-revenue-agency-shuts-down-online-services-after-two-cyberattacks-1.5066070
I've got my fingers crossed for Monday, but there's still no word on when the CRA online services ('My Account', etc.) will be restored.
- Dean
" Live Long, Healthy ... And Prosper! "
2:23 pm
April 6, 2013
Offline
According to CBC.ca: CRA shuts down online services after …, it is about 5,500 CRA accounts and about 9,000 GCKey-linked accounts.
It isn't clear how much overlap there is between the two sets of accounts.
6:07 pm
April 2, 2018
Offline
Why are you SO desperate to get into your account?????
If you are not affected, just chill out...
6:23 pm
February 27, 2018
Offline
I'm sorry i paid my june tax installment early, tax payments will be put off indefinitely.
I hear, the CRA have hired the Phoenix payroll programmers to fix their current security issues. Yeah, good luck with that.
6:52 pm
April 20, 2019
Offline
Kidd said
I'm sorry i paid my june tax installment early, tax payments will be put off indefinitely.I hear, the CRA have hired the Phoenix payroll programmers to fix their current security issues. Yeah, good luck with that.
I hope you are joking about the people behind the Phoenix payroll program being involved. Better count on nothing being done.
I am just stressing about not knowing my September tax instalment amount... any word on when we might know this?
7:10 pm
February 1, 2016
Offline
Last week we received email from CRA indicating we had new messages. We logged on and determined the messages were notices of the September and December installment amounts. The information is there.
You should be able to get this information once the CRA site is back up.
6:07 am
April 20, 2019
Offline
rodeworthy said
Last week we received email from CRA indicating we had new messages. We logged on and determined the messages were notices of the September and December installment amounts. The information is there.You should be able to get this information once the CRA site is back up.
Much appreciated. I never got any email updates and my cra account early last week had nothing new. However, it sounds like it will happen soon then if people are being updated.
6:26 am
October 21, 2018
Offline
We got our emails on Friday Aug 14.
9:50 am
January 12, 2019
Offline
Dean said
I just checked ... it's Still not available.
Hopefully, it'll be available by Monday.
Dean
Well ... it's Monday, but still No Luck.
I can get into 'My Service Canada Account' (via the GCKey), but the CRA 'My Account' is still not available ... and there is no indication when it will be available ❗
I guess we all just get to sit back, and wait.
-
Dean
" Live Long, Healthy ... And Prosper! "
10:10 am
January 12, 2019
Offline
.
UPDATE ... The CRA expects their site to be available again by 'Wednesday'.
Source ➡ https://www.bnnbloomberg.ca/cra-expects-online-services-back-wednesday-following-breaches-1.1480865
- Dean
" Live Long, Healthy ... And Prosper! "
7:17 am
December 20, 2016
Offline
Current instructions for managing CRA login credentials (Source: CRA website):
To manage any of the following CRA security options, you must first login to a service. Once you have logged in, you can access these options on the "CRA login and security options" page.
Change CRA user ID
Change CRA password
Change CRA security questions and answers
Update additional security feature preference
Revoke CRA user ID
View the Terms and conditions of use
View recent CRA login historyPassword
Your password must contain between 8 and 16 characters, one upper-case letter, one lower-case letter, one digit, no space, and no accented characters. The only special characters you can use are: dot (.), dash (-), underscore (_), and apostrophe ('). You cannot use more than 4 consecutive, identical characters. The password and the confirm password must match.
Stephen
Please write your comments in the forum.