The attackers apparently used login names and passwords found in other data breaches to get at the GoToMyPC accounts. The global password reset ordered by GoToMyPC came soon after another of its remote access systems was attacked by hackers who also re-used passwords stolen elsewhere. Citrix said the GoToMyPC data breach did not compromise any of its internal systems.
In a statement, Citrix confirmed reports of the attack and said the stolen login credentials were leaked from various Web sites and used to gain access to the accounts of its users. Citrix responded by doing what it called a mandatory password reset for all its users. In the wake of the password reset, Citrix is requiring GoToMyPC users to reset their passwords before they can log in again, using their regular GoToMyPC login links.
"We encourage our members to enable two-step verification, and to use strong passwords in order to keep their accounts as safe as possible," Citrix said in the statement.
Mandy Huth, director of cybersecurity for Belden, parent company of Tripwire Security, told us today that complacency is just as much the enemy in these scenarios as are the cyberattackers.
"It is not enough to think that we are exempt from these types of hacks, but we must not become complacent in our efforts to protect ourselves," said Huth. "Our society is now a data-driven, connected place. Just as people had to learn the rules of driving as cars became part of society, so,...