Remote computer access tool GoToMyPC has been hit by a “sophisticated password attack,” and all user passwords have been reset.
As with the recent issues at TeamViewer, another remote computer-sharing tool, GoToMyPC’s parent company Citrix believes the unauthorized access stems from a password dump.
“Citrix can confirm the recent incident was a password re-use attack, where attackers used usernames and passwords leaked from other websites to access the accounts of GoToMyPC users,” said the company in a statement to users, which also offered advice on coming up with a stronger password and encouraged everyone to use two-factor authentication.
All affected accounts have been issued the mandatory password reset. GoToMyPC has not confirmed how many accounts have been caught up in the password breaches. Citrix has also not confirmed or commented on whether its other GoTo services, like GoToMeeting and GoToAssist, have been affected.
Several services are beginning to feel the wrath of massive password dumps that came out of data breaches and hacks at other sites. This is a problem because many people reuse passwords across sites, which leaves them open to compromise through many routes once a single password is leaked from any source.
“It’s a fair bet that whoever perpetrated this attack had help from huge email and password lists recently leaked online from older breaches at LinkedIn, MySpace and Tumblr to name a few,” said security expert Brian Krebs. “Re-using passwords at multiple sites is a bad idea to begin with, but re-using your GoToMyPC remote administrator password at other sites seems like an exceptionally lousy idea.”
As many TeamViewer users found out over the last few months, reusing a password from one site can have catastrophic effects on others. Software like TeamViewer and GoToMyPC allows remote access to your computer, and reusing a password that’s ultimately compromised can put your whole system and other online accounts at risk. Users have been warned for years not to re-use passwords, but with the recent deluge of online data dumps, reused passwords are being exploited in attacks on a much larger scale than is typical.