Categories: Security

GoToMYPC Resets Passwords After ‘Sophisticated’ Attack

GoToMYPC, a Citrix-run service that allows users to remotely access their computers, has reset all users’ passwords following a “sophisticated” attack.

The incident comes shortly after widely reported attacks on user systems using a similar remote desktop tool called TeamViewer.

Password reset

GoToMYPC did not indicate whether any passwords had been successfully stolen, but indicated it was resetting all passwords as a precaution.

“Unfortunately, the GoToMYPC service has been targeted by a very sophisticated password attack,” the service said in an advisory on Sunday. “To protect you, the security team recommended that we reset all customer passwords immediately. Effective immediately, you will be required to reset your GoToMYPC password before you can login again… We apologise for the frustration this issue is causing.”

GoToMYPC advised users to select a strong, complex password and also recommended users switch on two-step verification, meaning an attacker would require more than a password alone to access the account.

On Saturday the service had said it was investigating an unnamed “issue” that might require a password reset.

TeamViewer targeted

While it isn’t clear whether any passwords have been stolen from GoToMYPC, users should also change passwords they may have reused on other sites to be on the safe side, said security analyst Graham Cluley.

“It’s a shame in their recommendations GoToMyPC’s security team left out the most important one of all – don’t reuse your passwords in multiple places,” he wrote in a blog post.”It’s sensible that your GoToMyPC password has been changed – but you also need to ensure that you change your passwords on any site other than GoToMyPC if you were making the mistake of not using unique passwords.”

Earlier this month TeamViewer, which makes another popular remote-login software package, has said it would introduce new security features in response to a rash of reports of attackers using the platform to infiltrate users’ systems.

The company said the attacks appeared to be connected with the recent sale online of several hundred million passwords from a number of social media websites, including LinkedIn, MySpace, Tumblr and Fling. Attackers were able to access TeamViewer accounts that reused passwords on one or more of those sites, the company said.

“We are appalled by the behaviour of cyber criminals, and are disgusted by their actions towards TeamViewer users,” Göppingen, Germany-based TeamViewer said in an open letter to users at the time. “They have taken advantage of common use of the same account information across multiple services to cause damage.”

Earlier this month Facebook founder Mark Zuckerberg was targeted by hackers who used his leaked LinkedIn password to access his Twitter and Pinterest accounts, where he had reused the same credentials.

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago