Canada Post has begun to reset passwords for all online customers as it investigates a report that some data may have been compromised in 2017. The postal operator stresses that the organization itself hasn’t been breached; however, user data may have been accessed with username-password combinations taken from accounts hacked in outside breaches. “This appears to be the result of credential stuffing, where login and password credentials stolen in external privacy breaches unrelated to Canada Post were paired and used to access some Canada Post accounts,” said Canada Post in an emailed statement to CTV News.
Customers whose data was affected by the credential stuffing attack were contacted by Canada Post. There is no word on how many users are affected, but Canada Post has reset all user accounts. In emails to customers, Canada Post urged users to create stronger passwords.
While this isn’t the fault of Canada Post, the lengthy gap between the intrusion and its discovery increases the likelihood that compromised accounts end up on the Dark Web or are leveraged for fraud. All users should review their account credentials to ensure that they are not using similar passwords across accounts, which would make them vulnerable to future threats.
Cybersecurity experts have told us all along to use a different password for each of our online accounts. They also recommend using a passphrase, which is made up of multiple words. Enabling two-factor authentication could also help prevent credential stuffing attacks, because a hacker would then have to intercept a text message or phone call as well to get into an account.
Could your corporate accounts be accessible on the dark web? Could your organization be at risk of a credential stuffing attack? Contact Uzado for a free Dark Web Scan.