Remote desktop app GoToMyPC has confirmed that it was targeted by what it calls a “very sophisticated password attack,” and has reset all customer passwords.
The incident first came to light on June 18, when the company announced on its Status page that some users were having trouble logging in. The following day the incident had been upgraded to a cyber-attack, GoToMyPC said.
“Unfortunately, the GoToMYPC service has been targeted by a very sophisticated password attack,” the statement said. “To protect you, the security team recommended that we reset all customer passwords immediately. Effective immediately, you will be required to reset your GoToMYPC password before you can login again.”
Beyond this, Citrix, which owns the GoToMyPC service, is revealing very little about the attack, such as whether any accounts were breached, or if any customer information was accessed.
Infosecurity Magazine has reached out to Citrix for more details but has yet to receive a reply.
Depending on the full extent of this attack, it could prove to be a very serious breach. GoToMyPC offers remote access to desktops from other computers and mobile devices. It is very popular with workers who are away from the office and need full access to all their applications and documents. If the attackers were able to breach user accounts they could have accessed sensitive corporate information.
GoToMyPC did provide users with guidelines on how to pick a strong replacement password, such as not using words from the dictionary and mixing in random punctuation, numbers and capital letters. Although GoToMyPC doesn’t mention this, it’s also vital that anyone who may have used the same password on a different site change that password immediately.
It also encouraged users to adopt two-factor authentication for an added layer of security.