Skip to main content

Remote access software GoToMyPC hit by “sophisticated password attack”

A password screen with an indecipherable password inputted.
Remote computer access tool GoToMyPC has been hit by a “sophisticated password attack,” and all user passwords have been reset.

Similar to recent issues for TeamViewer, another remote computer sharing software, GoToMyPC’s parent company Citrix believes that the root of the unauthorized access by attackers is due to a password dump.

Related Videos

“Citrix can confirm the recent incident was a password re-use attack, where attackers used usernames and passwords leaked from other websites to access the accounts of GoToMyPC users,” said the company in a statement to users, which also came with advice on coming up with a stronger password and encourages everyone to use two-factor authentication.

All affected accounts have been issued the mandatory password reset. GoToMyPC has not confirmed how many accounts have been caught up in the password breaches. Citrix has also not confirmed or commented on whether its other GoTo services, like GoToMeeting and GoToAssist, have been affected.

Several services are beginning to feel the wrath of massive password dumps yielded from data breaches and hacks at other sites. This is a problem because many people reuse passwords on various sites, which leaves them open to being compromised through many routes once a single password is leaked from any source.

“It’s a fair bet that whoever perpetrated this attack had help from huge email and password lists recently leaked online from older breaches at LinkedIn, MySpace and Tumblr to name a few,” said security expert Brian Krebs. “Re-using passwords at multiple sites is a bad idea to begin with, but re-using your GoToMyPC remote administrator password at other sites seems like an exceptionally lousy idea.”

As many TeamViewer users found out over the last few months, reusing a password from one site can have catastrophic effects on others. Software like TeamViewer and GoToMyPC allow remote access to your computer, and reusing a password that’s ultimately compromised can be a detriment to your whole system and other online accounts. Users have been warned for years not to re-use passwords, but with the recent deluge of online data dumps, they’re being used for attacks on a much larger scale than is typical.

Editors' Recommendations

The most common Chromebook problems and how to fix them
A person working on a Toshiba Chromebook.

Chromebooks are great alternatives to MacBooks and Windows 10 laptops, but they aren’t perfect. Any laptop computer is bound to have issues, and some of the most common problems faced by Chromebook users can feel difficult or even impossible to solve on their own. 

From issues with updates to internet connectivity, troubleshooting common Chromebook problems doesn’t have to ruin your day. Read on to discover easy fixes for the most frequent issues Chromebook users face. 
The Diagnostics app

Read more
These are the new AI features coming to Gmail, Google Docs, and Sheets
Google has announced a host of new writing focused AI features for its Workspace suite.

Google Workspace is getting a generative AI boost at the same time that many other productivity suites are adding new features that allow users to simplify clerical tasks with just a prompt.

Following up on the visual redesign to Google Docs and the announcement of Google Bard, these new AI features are the company's latest attempt to bring more buzzy goodness to its most popular applications.

Read more
Hackers are using AI to spread dangerous malware on YouTube
Windows shows a malware warning on a Dell laptop.

YouTube is the latest frontier where AI-generated content is being used to dupe users into downloading malware that can steal their personal information.

As AI generation becomes increasingly popular on several platforms, so does the desire to profit from it in malicious ways. The research firm CloudSEK has observed a 200% to 300% increase in the number of videos on YouTube that include links to popular malware sources such as Vidar, RedLine, and Raccoon directly in the descriptions since November 2022.

Read more