searchtwitterarrow rightmail strokearrow leftmail solidfacebooklinkedinplusangle upmagazine plus
Help Net Security - Daily information security news with a focus on enterprise security.
Help Net Security - Daily information security news with a focus on enterprise security.
  • News
  • Features
  • Expert analysis
  • Videos
  • Reviews
  • Events
  • Whitepapers
  • Industry news
  • Product showcase
  • Newsletters
Zeljka Zorz
Zeljka Zorz, Editor-in-Chief, Help Net Security
June 20, 2016
Share

GoToMyPC remote desktop service resets all passwords in wake of attack

GoToMyPC, a remote computer administration service offered by Citrix, has forced a password reset for all customers in the wake of what they call a “very sophisticated password attack.”

GoToMyPC

“Effective immediately, you will be required to reset your GoToMyPC password before you can login again,” the company told customers via email on Sunday, and advised them to use their regular GoToMyPC login link to reset the password, or go through the “Forgot Password” link located under the GoToMyPC account login.

Users were asked not to choose the same password as before, to avoid using words that come up in a dictionary, to make it longer that 7 characters, and to make it complex.

Unfortunately, the company didn’t add one more crucial piece of advice: “Don’t use a password you’re already using for some other online account.”

They did, however, advise users to use the 2-step verification option to protect their accounts.

GoToMyPC didn’t say that they have suffered a breach, so it’s likely that password reuse is what led to this particular attack.

A few days ago an unknown attacker was spotted trying to break into a large number of GitHub accounts by trying out username/password combinations leaked from other online services, and it’s possible he moved on to targeting GoToMyPC, or some other attacker did.

Compromised GoToMyPC accounts bring more immediate danger to users than compromised GitHub accounts, though, as the former would allow attackers to access the victims’ computer and all the information on it, including banking and personal information.

As we’ve seen in the recent spate of TeamViewer account takeovers, this could end up with fraudulent purchases and emptied bank accounts.

More about
  • account hijacking
  • account protection
  • GoToMyPC
  • passwords
  • remote access
Share this

Featured news

  • 5 rules to make security user-friendly
  • The impact of AI on the future of ID verification
  • Detecting face morphing: A simple guide to countering complex identity fraud
How to protect online privacy in the age of pixel trackers

Sponsored

Webinar: Tips from MSSPs to MSSPs – starting a vCISO practice

Security in the cloud with more automation

CISOs struggle with stress and limited resources

How to scale cybersecurity for your business

Don't miss

5 rules to make security user-friendly

The impact of AI on the future of ID verification

How to protect online privacy in the age of pixel trackers

Detecting face morphing: A simple guide to countering complex identity fraud

How to best allocate IT and cybersecurity budgets in 2023

Cybersecurity news
Help Net Security - Daily information security news with a focus on enterprise security.
© Copyright 1998-2023 by Help Net Security
Read our privacy policy | About us | Advertise
Follow us