
Canada Post is resetting passwords for online accounts - dustfinger
https://www.canadapost.ca/cpc/en/our-company/news-and-media/corporate-news/closures-and-service-interruptions-details.page?article=2019/10/16/canada_post_is_reset&cattype=announcements&cat=updates
======
dustfinger
I recieved the following email from "Canada Post" <donotreply-
nepasrepondre@notifications.canadapost-postescanada.ca>

    
    
      Canada Post password reset for online accounts (ref. OCT 2019)
    
      Canada Post is resetting passwords for all online customer accounts, starting on October 16, 2019.
    
      There has not been a cyberattack or breach of the Canada Post network but we are investigating a report that some customer information may have been compromised in 2017.
    
      We have been able to determine that login and password credentials stolen in external privacy breaches unrelated to Canada Post were used to access individual Canada Post accounts. This is possible when users reuse their credentials on several websites for convenience or to avoid having to remember different passwords.
    
      Based on our investigation, we do not believe your information has been compromised, but we are requiring that you reset your password.
    
      What you need to do
    
      * Create a stronger password (with both small and capital letters, a number and a special character such as !, # or %) for your Canada Post account.
    
      * To change your password, click the button at the bottom of this email. Enter your user name to start the process of resetting your password with the new requirements.
    
      * Alternatively, you can visit canadapost.ca, click "Sign in" the top right-hand corner of the homepage and then select "Forgot Password."
    
      * If you use the Canada Post or epost mobile app, please sign out and log back in once you have reset your password at canadapost.ca.
    
      While this is not a breach of the Canada Post network, we understand our obligation to our customers and all Canadians to keep their information safe. We will be reviewing our policies and procedures to determine how we can continue to improve the security of our online platforms.
    
      If you have any questions, please call our Customer Care team at 1-877-376-1212. Please use reference number OCT 2019 to help us direct your call.
    
      Thank you.
    

I really wish that they would not send out an email with a link to all account
holders to have their passwords reset. They just gave the phishers an easy
win. I wonder how many accounts will be compromised after this blunder? An
email informing people to go to the home page and select "Forgot Password",
but without providing any link would have been a better choice.

dustfinger.

