GoToMyPC resets all user passwords after sophisticated cyber attack

A 'sophisticated' attack has led the Citrix-run service, GoToMyPC to reset all of the passwords of its users.

The service, which allows users to access their PCs remotely, was hit by an attack shortly after its rival in the remote desktop space, TeamViewer was hit by a similar attack. GoToMYPC has not provided details as to whether any passwords were successfully stolen after the attack but it has let users know that the massive site-wide password reset was a safety precaution.

On Sunday, the service issued an advisory to its users saying: “Unfortunately, the GoToMYPC service has been targeted by a very sophisticated password attack. To protect you, the security team recommended that we reset all customer passwords immediately. Effective immediately, you will be required to reset your GoToMYPC password before you can login again.... We apologise for the frustration this issue is causing.”

GoToMYPC is recommending that all of its users choose passwords that are strong and complex in nature. The service also strongly suggests that two-step verification is enabled to further protect one's account.

Earlier this month, TeamViewer decided to introduce new security features after it was reported that attackers had tried to use its system to infiltrate other users' systems. The company believes that the attacks against its website were connected to the recent dump of of several hundred million passwords from LinkedIn, MySpace, Tumblr and Fling.

It is quite possible that these latest attacks against GoToMYPC were a series of password reuse attacks trying to see if users had deployed the same password on multiple sites.

David Gibson, VP of strategy and market development, Varonis commented: "The GoToMyPC attack illustrates that data breaches should be considered a real and inevitable possibility – even for the most secure environments. Organisations need to get the basics right when it comes to securing their most valuable data, and disposing of information that is no longer necessary to the business. In this GoToMyPC attack, good corporate citizenship and a fast response enabled everyone to remain relatively safe – as long as everyone remembers to change their passwords. Folks are probably used to that by now, but they may not be following best practices for password hygiene.

"People are bad at coming up with their own passwords. We’re all guilty! For convenience, we make them obvious or short or both, and use them more than once.

"Hackers are good and getting better all the time at breaking them, either though brute force guessing or dictionary-style attacks if the hackers have access to the password hash."

Image Credit: Maradon 333 / Shutterstock