Citrix’s GoToMyPC user passwords compromised after hack attack

What’s being called a sophisticated but possibly futile cyberattack on GoToMyPC, a British remote PC access provider, has caused its parent company to reset the passwords of all its clients. In the wake of the password reset, Citrix is requiring GoToMyPC users to reset their passwords before they can log in again, using their regular GoToMyPC login links. Citrix, the company behind GoToMyPC, and the messages, has apologised for falling victim to what it says was a “very sophisticated attack”. “Citrix encourages customers to visit the GoToMyPC status page to learn about enabling two-step verification, and to use strong passwords in order to keep accounts as safe as possible”, Bennett said in a statement.

The company said the attacking third-party didn’t compromise any user accounts, mainly because its staff caught the attack in its early stages. The software is available in consumer, pro and enterprise versions. This time the leadked password dump has allegedly affected Citrix’s GoToMyPC service. And if you (foolishly) use the same login credentials for a number of different services, it’s worth spending a little time this Sunday to change them all.

It’s all good advice, and nothing we have not seen before. This shows how popular such attacks have become, even before the Tumblr, LinkedIn, MySpace, VK, or Twitter mega breaches, which have exposed over one billion username-password combos only in the last two months. TeamViewer denied any hack blaming careless users, but the volume of Tweets on the subject would indicate otherwise. They should also refrain from using the same passwords that they use in other accounts as well as hackers can try and use whatever password they have to access online banking accounts and such. “Given a list of passwords (either from a dictionary) or, better yet, from an existing leak – hackers can easily write scripts that attempt to compromise accounts by guessing multiple passwords”, Wardle said.