Warning! GoToMyPC hit by password hackers
By their very nature, remote access tools represent something of a security risk. It's only a couple of weeks since TeamViewer users complained about account hijacking, and now GoToMyPC has been hit by hackers.
The service has been hit by what is being described as a "very sophisticated password attack", and the company is advising all users to reset their passwords. Details are a little thin on the ground at the moment as an investigation is currently underway, but users are warned to monitor their account and change their passwords.
There's no word on the origin of the password attack, but just as with TeamViewer the fact that a remote access tool has been affected will be great cause for concern. Citrix, the company behind GoToMyPC, has said next to nothing about what form the attack took, but says that "we apologize for the frustration this issue is causing".
In a statement on the GoToMyPC status page, the company says:
Unfortunately, the GoToMYPC service has been targeted by a very sophisticated password attack. To protect you, the security team recommended that we reset all customer passwords immediately.
Effective immediately, you will be required to reset your GoToMYPC password before you can login again.
To reset your password please use your regular GoToMYPC login link.
Recommendations for a strong password
- Don't use a word from the dictionary
- Select strong passwords that can't easily be guessed with 8 or more characters
- Make it Complex -- Randomly add capital letters, punctuation or symbols
- Substitute numbers for letters that look similar (for example, substitute "0" for "o" or "3" for "E".
Users are also advised to consider enabling two-factor authentication on their accounts to help improve overall security.
On Twitter, Citrix is not exactly shouting about the fact that it has been hacked:
If you are having issues logging into your account, please visit our service status page for instructions https://t.co/1MBVdkKNFM ^GD
— Citrix GoToMyPC (@GoToMyPC) June 18, 2016
We've reached out to find out more about what has happened, and we'll update this post when we hear something.
Citrix has responded to BetaNews. Product Line Director John Bennett says:
Citrix takes the safety and security of its customers very seriously, and is aware of the password attack on GoToMyPC. Once Citrix learned about the attack, it took immediate action to protect customers. Citrix can confirm the recent incident was a password re-use attack, where attackers used usernames and passwords leaked from other websites to access the accounts of GoToMyPC users.
At this time, the response includes a mandatory password reset for all GoToMyPC users. Citrix encourages customers to visit the GoToMyPC status page to learn about enabling two-step verification, and to use strong passwords in order to keep accounts as safe as possible. Further, there is no indication of compromise to any other Citrix product line.