A widespread hacking of federal I.T. systems resulted in the Canadian Revenue Agency suspending it's online tools for a number of days last week. Hackers managed to access an estimated 5,500 CRA  using usernames and passwords that had been purchased from breaches of other websites.

What this means is the hackers that accessed the CRA accounts already had the 5,500 usernames or passwords they used from another web-service. The hackers then just simply 'stuffed' the CRA log-in to see who had re-used their usernames and passwords.

"It's important to note that the services itself were not compromised. There is no indication of compromise from our internal government services." Marc Brouillard, the federal government's chief technology officer said in a press briefing.

These were not sophisticated attacks. The manner in which they breached the accounts has a very simple defense. Don't re-use usernames and passwords! Especially for crucial accounts. Passwords for emails, banking, government, and phones should no be repeated. Canadians should endeavor to create unique passwords for each vital account we maintain. Users should also use 2 step authentication when-ever possible.

"The important thing to recognize in this case is, this is not an attack where an attacker is trying to get in through the back door. They're going in just like normal users," Marc Brouillard continued. "They are applying credentials just like normal users." 

Using password generators and keepers on smart-phones can make protecting your online information all the more secure. It's an incredibly easy thing to do that could save you a lifetimes worth of grief.