The Citrix-run remote desktop service said it was targeted by a ‘very sophisticated password attack’
GoToMyPC, a Citrix-run service that allows users to remotely access their computers, has reset all users’ passwords following a “sophisticated” attack.
The incident comes shortly after widely reported attacks on user systems using a similar remote desktop tool called TeamViewer.
GoToMyPC did not say whether any passwords had been successfully stolen, but indicated it was resetting all passwords as a precaution.
“Unfortunately, the GoToMyPC service has been targeted by a very sophisticated password attack,” the service said in an advisory on Sunday. “To protect you, the security team recommended that we reset all customer passwords immediately. Effective immediately, you will be required to reset your GoToMyPC password before you can login again… We apologise for the frustration this issue is causing.”
GoToMyPC advised users to select a strong, complex password and also recommended users switch on two-step verification, meaning an attacker would require more than a password alone to access the account.
On Saturday the service had said it was investigating an unnamed “issue” that might require a password reset.
While it isn’t clear whether any passwords have been stolen from GoToMYPC, users should also change passwords they may have reused on other sites to be on the safe side, said security analyst Graham Cluley.
“It’s a shame in their recommendations GoToMyPC’s security team left out the most important one of all – don’t reuse your passwords in multiple places,” he wrote in a blog post. “It’s sensible that your GoToMyPC password has been changed – but you also need to ensure that you change your passwords on any site other than GoToMyPC if you were making the mistake of not using unique passwords.”
Earlier this month TeamViewer, which makes another popular remote-login software package, said it would introduce new security features in response to a rash of reports of attackers using the platform to infiltrate users’ systems.
The company said the attacks appeared to be connected with the recent sale online of several hundred million passwords from a number of social media websites, including LinkedIn, MySpace, Tumblr and Fling. Attackers were able to access TeamViewer accounts that reused passwords on one or more of those sites, the company said.
“We are appalled by the behaviour of cyber criminals, and are disgusted by their actions towards TeamViewer users,” Göppingen, Germany-based TeamViewer said in an open letter to users at the time. “They have taken advantage of common use of the same account information across multiple services to cause damage.”
Earlier this month Facebook founder Mark Zuckerberg was targeted by hackers who used his leaked LinkedIn password to access his Twitter and Pinterest accounts, where he had reused the same credentials.