What’s being called a sophisticated but possibly futile cyberattack on GoToMyPC, a British remote PC access provider, has caused its parent company to reset the passwords of all its clients. GoToMyPC is owned by Citrix, the American software company that provides server, application and desktop virtualization, networking and other services. Citrix bought GoToMyPC from ExpertCity in 2004.
The attackers apparently used login names and passwords found in other data breaches to get at the GoToMyPC accounts. The global password reset ordered by GoToMyPC came soon after another of its remote access systems was attacked by hackers who also re-used passwords stolen elsewhere. Citrix said the GoToMyPC data breach did not compromise any of its internal systems.
In a statement, Citrix confirmed reports of the attack and said the stolen login credentials were leaked from various Web sites and used to gain access to the accounts of its users. Citrix responded with what it called a mandatory password reset for all its users: GoToMyPC users must reset their passwords, using their regular GoToMyPC login links, before they can log in again.
“We encourage our members to enable two-step verification, and to use strong passwords in order to keep their accounts as safe as possible,” Citrix said in the statement.
Mandy Huth, director of cybersecurity for Belden, parent company of Tripwire Security, told us today that complacency is just as much the enemy in these scenarios as are the cyberattackers.
“It is not enough to think that we are exempt from these types of hacks, but we must not become complacent in our efforts to protect ourselves,” said Huth. “Our society is now a data-driven, connected place. Just as people had to learn the rules of driving as cars became part of society, so, too, must we learn the rules of good password management.”
To keep their data secure, Huth advised users to avoid re-using passwords across accounts and Web sites and to ensure that all financial account passwords are unique.
Data Probably Not Sensitive
Individuals and businesses use GoToMyPC to obtain remote access to home and work computers via Web browsers. The software is available in consumer, pro and enterprise versions.
So far, it doesn’t seem as though any sensitive data, such as credit card numbers, was exposed in the attack. Citrix said it is still in the process of investigating the attack. The company said that it will let users know if any of their important data has been accessed by hackers.
A status report on the GoToMyPC Web site today informed users that if they were having problems reaching the site, it was probably because so many people were trying to change their passwords following news of the attack.