WINNIPEG -- Over the weekend, the Canada Revenue Agency (CRA) had to shut down its online services after hackers used stolen usernames and passwords to target thousands of users.

While online services have resumed, the CRA has now had to modify its security systems against future cyberattacks.

“What they did was they had gone in and changed the passwords, changed the email addresses, and changed the banking information for about 2,000 of those accounts,” said Michael Primeau from Online Business Systems.

But what can people do to protect themselves?

According to Primeau, this hack hinged on a password reuse exploit, so the best thing people can do is practice good password hygiene.

He said people need to keep in mind that hackers are also consumers who know that people reuse the same passwords for multiple online accounts.

“I was doing some research into this, and basically the average user has about three passwords: they have a very strong password, they have a medium password and they have a weak password,” he said.

“And they reuse the same passwords over and over again, and for different online services.”

Primeau said to practice proper password hygiene, people need to move from passwords to passphrases, which are long words or statements.

Primeau also suggested people should substitute the letter ‘O’ with a zero and the letter ‘E’ with the number three. He added people should use different passphrases for each service and change them frequently.

“Any time you hear of a breach, it should really cause you to change your passphrase,” he said.

Primeau said people also need to be aware of phishing emails.

- With files from CTV’s Nicole Dube.