Canadian authorities said almost 15,000 online accounts for various government services have been targeted in three recent waves of credential-stuffing attacks. The Canada Revenue Agency (CRA) suspended online services after accounts were hit in a third wave of credential stuffing attacks this weekend. These accounts could give attackers access to Canadians tax-related and benefits information, coronavirus relief fund money and more. A vulnerability in the configuration of the security software for CRA accounts allowed attackers to bypass security measures.
Source: https://threatpost.com/cyberattacks-canadian-tax-benefit-accounts/158400/