The hackers used more than 9,000 stolen usernames and passwords to request government services, and also targeted approximately 5,500 Canada Revenue Agency accounts, the federal government said in a statement.
The RCMP is investigating whether the hack led to breaches of privacy or information stolen from the accounts, which have been deactivated, the Treasury Board of Canada Secretariat said on Saturday.
The 9,000 hijacked accounts have been canceled and the approximately 3,000 accounts that have been successful in obtaining government services are under investigation.
The separately targeted 5,500 CRA accounts have been deactivated and owners are being contacted, the government said.
The cyber attacks used a technique called credential stuffing to target a system used by 12 million users and around 30 federal departments, including immigration accounts.
Attackers used passwords and usernames collected in previous account hijackings around the world and “took advantage of the fact that many people reuse passwords and usernames on multiple accounts” , the government said.