If you have a Canada Post account or an epost account to manage your bills online, you may have received an automated email from them stating that starting on October 16, 2019, they are resetting all of their customer account passwords. Included in the email will be instructions and guidelines for the account holder to create new, stronger passwords.
According to the message in the email and on the Canada Post website, they are investigating a report that some customer information may have been compromised in 2017. However, the accounts were not compromised through any cyberattack on the Canada Post network.
They have determined that the login and password credentials were stolen in external privacy breaches unrelated to their network and were used to access individual Canada Post accounts. They don’t believe that their users’ information has been compromised, but are requiring that account holders create new passwords.
“We are resetting passwords for online Canada Post customer accounts. Customers will receive an email with instructions. We apologize for any inconvenience. For more info, visit http://ow.ly/TK4c50wNb5G”
These types of events are only possible because users re-use their login credentials on more than one website, whether it is for convenience or to avoid having to remember different passwords for each of their online accounts. We recently wrote about the 13 Most Common Cyber Security Mistakes to Avoid for Individuals and addressed why you should never re-use your passwords across multiple websites.
Once a hacker has cracked your password, they can attempt to gain access to your other accounts via a method known as credential stuffing. This is a type of cyber attack that uses lists of username/email address and password combinations stolen from data breaches to break into other websites or web applications through large-scale automated login requests.
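A defender-side sketch of how a site operator might spot this pattern in its own login logs, added here as an example and not code from Canada Post or the original post: it flags a source that tries many distinct accounts with mostly failed logins, then lists the accounts that did sign in from that source as candidates for a forced reset. The log format, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds (not from the article); tune against real traffic.
WINDOW = timedelta(minutes=5)   # sliding window per source IP
MIN_USERS = 5                   # distinct accounts tried within the window
MIN_FAIL_RATIO = 0.8            # stuffed logins mostly fail

def _ev(sec, ip, user, outcome):
    """Build one constructed log event: (ISO timestamp, source IP, user, outcome)."""
    return (f"2019-10-10T03:00:{sec:02d}", ip, user, outcome)

# Constructed sample data; IPs are RFC 5737 documentation addresses.
SAMPLE_EVENTS = (
    # Stuffing: one source, a different account on every attempt, one hit.
    [_ev(i, "203.0.113.7", f"user{i}@example.com", "ok" if i == 4 else "fail")
     for i in range(8)]
    # Password guessing against a single account: not stuffing.
    + [_ev(10 + i, "192.0.2.50", "victim@example.com", "fail") for i in range(6)]
    # A real user mistyping once, then signing in.
    + [_ev(30, "198.51.100.20", "carol@example.com", "fail"),
       _ev(40, "198.51.100.20", "carol@example.com", "ok")]
)

def detect_stuffing(events):
    """Return {source_ip: [accounts that logged in OK]} for sources that look
    like credential stuffing; those accounts are candidates for a forced reset."""
    by_ip = defaultdict(list)
    for ts, ip, user, outcome in events:
        by_ip[ip].append((datetime.fromisoformat(ts), user, outcome == "ok"))

    flagged = {}
    for ip, rows in by_ip.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window so it never spans more than WINDOW.
            while rows[end][0] - rows[start][0] > WINDOW:
                start += 1
            window = rows[start:end + 1]
            users = {user for _, user, _ in window}
            fails = sum(1 for _, _, ok in window if not ok)
            if len(users) >= MIN_USERS and fails / len(window) >= MIN_FAIL_RATIO:
                # Every successful login from this source is suspect.
                flagged[ip] = sorted({u for _, u, ok in rows if ok})
                break
    return flagged

if __name__ == "__main__":
    print(detect_stuffing(SAMPLE_EVENTS))
```

Keying only on source IP is a simplification: real campaigns are often spread across many addresses, so operators usually combine this with per-account and site-wide failure-rate signals.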
In our blog post, we also recommended using password management software, which can help you generate, manage and remember strong passwords, and implementing two-factor authentication wherever possible.
Canada Post has also said that they are contacting their customers directly if their account information has been compromised in this recent activity.
“While this is not a breach of the Canada Post network, we understand our obligation to our customers and all Canadians to keep their information safe. We will be reviewing our policies and procedures to determine how we can continue to improve the security of our online platforms.”
What to do if you have a Canada Post or an epost account:
- Click on the Reset Password button at the end of the email and follow the steps to create a new and stronger password with these requirements:
  - Use both small and capital letters, a number and a special character such as !, # or %
- If you didn’t receive the email, you can visit canadapost.ca and click on Sign in (located at the top-right of the website’s navigation) and then click on Forgot Password
As a result of their investigation, Canada Post has taken responsibility for informing their customers and has taken measures to quickly reset all of their customers' passwords.
When data breaches occur and personal information is compromised, it not only affects those businesses and their users, but it may also affect other businesses and their users down the road, due to the fact that password re-use is still such a prevalent practice.