Oscar said
How and why would any external organizations have someone's CRA login information ? Any ideas ?
They don't, not exactly. It's because a lot of lazy people use the same username on different sites, and even lazier people use the same password in combination with that same username on different sites.
That means that if somebody hacks into and steals a username & password database from, say, Home Depot or Walmart or Etsy or whatever, anyone on that stolen list who is using the same username & password combo elsewhere (like at CRA for instance) is at risk.
Scumbags routinely buy these kinds of lists and then attempt to access people's accounts by what is called "credential stuffing", where they use the stolen user & password combos to try to gain entry into sites like banks, etc.
CRA cybersecurity bought a copy of this particular batch of data, ran it against their own username/password database and found that over 100,000 CRA accounts could potentially be accessed, so they locked them all down. That's a lot of lazy people.
Simple message: Don't use the same user name, and don't use the same password.
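The check the reply above describes (take a leaked email/password list, run it against your own account database, lock whatever matches before the stuffing bots get there) looks roughly like the script below. This is an added example, not code from the forum or from CRA: the user records, salts and the "leaked" list are all constructed sample data, and the field names and helper functions are my own. The important detail it shows is that a site storing salted hashes cannot compare the leak in bulk; each leaked password has to be hashed with that specific user's salt and compared in constant time.

```python
"""Added example (not from the thread): find accounts whose stored
credentials match an email/password pair from an unrelated breach.
All user records and the leaked list below are constructed sample data."""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000  # assumption: a modest work factor for the demo


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256, the form a site would store, never plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS)


def make_user(email: str, password: str) -> dict:
    """Constructed account record; emails are normalised to lowercase."""
    salt = os.urandom(16)
    return {"email": email.strip().lower(), "salt": salt,
            "hash": hash_password(password, salt), "locked": False}


# Constructed stand-in for the site's own account database: email -> record
SITE_USERS = {u["email"]: u for u in [
    make_user("alice@example.com", "correct horse battery staple"),
    make_user("Bob@example.com", "Summer2019!"),
    make_user("carol@example.com", "hunter2"),
]}

# Constructed dump bought from "some other site": (email, plaintext password)
LEAKED_CREDENTIALS = [
    ("bob@example.com", "Summer2019!"),    # reused here: at risk
    ("alice@example.com", "Password123"),  # alice used a different password here
    ("carol@example.com", "hunter2"),      # reused here: at risk
    ("dave@example.com", "letmein"),       # not one of our users at all
]


def find_reused_credentials(users: dict, leaked: list) -> list:
    """Return the sorted emails of accounts whose stored hash matches a
    leaked (email, password) pair. Each candidate is hashed with that
    user's own salt; the dict lookup skips emails we do not hold, so the
    expensive PBKDF2 work is only done for the intersection."""
    at_risk = set()
    for email, password in leaked:
        record = users.get(email.strip().lower())
        if record is None:
            continue
        candidate = hash_password(password, record["salt"])
        if hmac.compare_digest(candidate, record["hash"]):
            at_risk.add(record["email"])
    return sorted(at_risk)


def lock_accounts(users: dict, emails: list) -> int:
    """Flag the given accounts as locked and return the number now locked."""
    for email in emails:
        users[email]["locked"] = True
    return sum(1 for u in users.values() if u["locked"])


if __name__ == "__main__":
    hits = find_reused_credentials(SITE_USERS, LEAKED_CREDENTIALS)
    print("accounts reusing leaked credentials:", hits)
    print("locked:", lock_accounts(SITE_USERS, hits))
```

Two caveats a practitioner would add: this only works when the purchased dump contains plaintext (or already-cracked) passwords, since hashes salted by a different site cannot be compared to yours; and the run is proportional to the number of leaked emails that also exist in your database times your hash work factor, so the email intersection should be computed before any hashing, as the dict lookup above does.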
Bill said
".....the agency noted over 100,000 accounts that used the same combination of email and password." I don't understand, over 100K Canadians used the same email address? And then they all used the same password?
No, Bill. Each one of those 100k+ Canadians used their own email and their own password, but they also used the same email and password combination on other sites, besides CRA.
So all the emails from those 100,000+ accounts are certainly different, and the passwords probably are different too, or quite possibly they are using easy passwords, for example "password 123".
Bill said
".....the agency noted over 100,000 accounts that used the same combination of email and password." I don't understand, over 100K Canadians used the same email address? And then they all used the same password?
I think this is what happened. Some perpetrator obtained the user credentials of 100,000 different taxpayers. Then the perpetrator changed the email address of these 100,000 accounts to his/her email address. So now all CRA communication notifications to these 100,000 taxpayers go to his/her inbox. The perpetrator also changed the password of these 100,000 accounts to a common password for ease of access.
Obviously, I wouldn't imagine this is a task for someone to do one by one by hand 100,000 times. It must be done by an automated computer program written by some software programmer.
AltaRed said
I have well over 100 online accounts of one sort or another, from banks to Kijiji to Walmart, etc. If I didn't use a password manager, there would be no way to keep it all straight. That is what the issue is. You don't even have to be lazy. It is just unmanageable otherwise.
Agree with you 100%. It is not only one bank, one on-line store or government.
Unless you are extremely busy with your family/life, now is a good time to go through all your bookmarks, access all those sites and confirm all your user IDs/passwords are really difficult to crack.
What password manager do you use? I like roboform for PC and Enpass for Android.