TORONTO -- Canada Post says it has begun to reset passwords for all online customers as it investigates a report that some data may have been compromised in 2017.

The national postal operator stressed in a news release that “there has not been a cyberattack or hack of the Canada Post network.” Instead, user data may have been accessed by using the same username-password combinations of hacked accounts in outside breaches.

“This appears to be the result of credential stuffing, where login and password credentials stolen in external privacy breaches unrelated to Canada Post were paired and used to access some Canada Post accounts,” the Crown corporation said in an emailed statement to “This is possible when users reuse their credentials on several websites to avoid having to remember different passwords.”

Beginning Wednesday, all passwords for online accounts were being reset and the service said it would directly contact those whose data was compromised. In emails to customers, Canada Post suggested users create stronger passwords. It is unclear how many users may be affected.

“While this is not a breach of the Canada Post system, Canada Post understands that it is held to a higher standard and has an obligation to all of its customers and all Canadians to keep their information safe,” the corporation said. “Canada Post is reviewing its policies and procedures to determine what can be done to strengthen the security of its online platforms.”

A spokesperson added that the corporation is working with a third party to “investigate this situation, confirm our findings and provide additional guidance.”