Canadian government services forced offline after credential stuffing attacks
Some key Canadian government applications, including the ones providing federal and immigration services, were recently attacked and forced to stop their operations. As per the report, the attack was ‘password stuffing’, in which usernames and passwords stolen in previous hacks were used. The attack succeeded because of a basic human habit: we use the same username and password for multiple applications and accounts.
My understanding from this article is that people or organizations might not even be aware that they have been hacked or have suffered a security breach. It should be noted that the usernames and passwords used in this attack were stolen previously, and no suspicions were raised by any of the people whose usernames and passwords were stolen. The most realistic solution to prevent these attacks would be to have different usernames and passwords for different accounts. However, in the age of SSO, and due to limited human capabilities to save different passwords, this solution is always going to be a challenge.
Reference: