Categories: Security

GoToMYPC Resets Passwords After ‘Sophisticated’ Attack

GoToMYPC, a Citrix-run service that allows users to remotely access their computers, has reset all users’ passwords following a “sophisticated” attack.

The incident comes shortly after widely reported attacks on user systems using a similar remote desktop tool called TeamViewer.

Password reset

GoToMYPC did not indicate whether any passwords had been successfully stolen, but indicated it was resetting all passwords as a precaution.

“Unfortunately, the GoToMYPC service has been targeted by a very sophisticated password attack,” the service said in an advisory on Sunday. “To protect you, the security team recommended that we reset all customer passwords immediately. Effective immediately, you will be required to reset your GoToMYPC password before you can login again… We apologise for the frustration this issue is causing.”

GoToMYPC advised users to select a strong, complex password and also recommended users switch on two-step verification, meaning an attacker would require more than a password alone to access the account.

On Saturday the service had said it was investigating an unnamed “issue” that might require a password reset.

TeamViewer targeted

While it isn’t clear whether any passwords have been stolen from GoToMYPC, users should also change passwords they may have reused on other sites to be on the safe side, said security analyst Graham Cluley.

“It’s a shame in their recommendations GoToMyPC’s security team left out the most important one of all – don’t reuse your passwords in multiple places,” he wrote in a blog post.”It’s sensible that your GoToMyPC password has been changed – but you also need to ensure that you change your passwords on any site other than GoToMyPC if you were making the mistake of not using unique passwords.”

Earlier this month TeamViewer, which makes another popular remote-login software package, has said it would introduce new security features in response to a rash of reports of attackers using the platform to infiltrate users’ systems.

The company said the attacks appeared to be connected with the recent sale online of several hundred million passwords from a number of social media websites, including LinkedIn, MySpace, Tumblr and Fling. Attackers were able to access TeamViewer accounts that reused passwords on one or more of those sites, the company said.

“We are appalled by the behaviour of cyber criminals, and are disgusted by their actions towards TeamViewer users,” Göppingen, Germany-based TeamViewer said in an open letter to users at the time. “They have taken advantage of common use of the same account information across multiple services to cause damage.”

Earlier this month Facebook founder Mark Zuckerberg was targeted by hackers who used his leaked LinkedIn password to access his Twitter and Pinterest accounts, where he had reused the same credentials.

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

7 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

9 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

10 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

11 hours ago