Skip to main content

Remote access software GoToMyPC hit by “sophisticated password attack”

A password screen with an indecipherable password inputted.
Image used with permission by copyright holder
Remote computer access tool GoToMyPC has been hit by a “sophisticated password attack,” and all user passwords have been reset.

Similar to recent issues for TeamViewer, another remote computer sharing software, GoToMyPC’s parent company Citrix believes that the root of the unauthorized access by attackers is due to a password dump.

Recommended Videos

“Citrix can confirm the recent incident was a password re-use attack, where attackers used usernames and passwords leaked from other websites to access the accounts of GoToMyPC users,” said the company in a statement to users, which also came with advice on coming up with a stronger password and encourages everyone to use two-factor authentication.

Please enable Javascript to view this content

All affected accounts have been issued the mandatory password reset. GoToMyPC has not confirmed how many accounts have been caught up in the password breaches. Citrix has also not confirmed or commented on whether its other GoTo services, like GoToMeeting and GoToAssist, have been affected.

Several services are beginning to feel the wrath of massive password dumps yielded from data breaches and hacks at other sites. This is a problem because many people reuse passwords on various sites, which leaves them open to being compromised through many routes once a single password is leaked from any source.

“It’s a fair bet that whoever perpetrated this attack had help from huge email and password lists recently leaked online from older breaches at LinkedIn, MySpace and Tumblr to name a few,” said security expert Brian Krebs. “Re-using passwords at multiple sites is a bad idea to begin with, but re-using your GoToMyPC remote administrator password at other sites seems like an exceptionally lousy idea.”

As many TeamViewer users found out over the last few months, reusing a password from one site can have catastrophic effects on others. Software like TeamViewer and GoToMyPC allow remote access to your computer, and reusing a password that’s ultimately compromised can be a detriment to your whole system and other online accounts. Users have been warned for years not to re-use passwords, but with the recent deluge of online data dumps, they’re being used for attacks on a much larger scale than is typical.

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
The RTX 5070 Ti may continue Nvidia’s disappointing streak
Nvidia CEO Jensen Huang holding an RTX 50 GPU and a laptop.

The disappointing "paper launch" continues. Nvidia's RTX 5070 Ti is just a couple of days away from launch, but whether it'll actually be readily available is another thing entirely. Although it could rival some of the best graphics cards, the GPU is said to be hard to come by, much like the RTX 5090 and the RTX 5080.

It appears that my worries might be about to come true -- the RTX 5070 Ti will only be available on paper and not in reality, at least if this new leak is to be believed. Channel Gate shared an update on the predicted pricing and stock levels for the RTX 5070 Ti, and it's grim news all around.

Read more
Updated macOS malware variant uncovered by Microsoft
A person using a laptop with a set of code seen on the display.

Microsoft has observed a previously dormant macOS malware that has become active once again in a new variant that is targeting Apple devices of all kinds.

Microsoft Threat Intelligence shared information about the malware in a post on X, indicating that it is a new version of XCSSET that originated in 2022. The security experts explained that the updated malware has “enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies.”

Read more
Google’s new policy tracks all your devices with no opt-out
View of synced tab groups appearing on an iPad.

Google has begun enforcing new tracking rules across connected devices, such as smartphones, consoles, and smart TVs, as BBC reports. The tech giant once called the fingerprint tracking technique "wrong" in 2019, but has since reintroduced it.

Google has commented that other companies broadly use the data, and it started using it on February 16, 2024. However, that may not sound any better since fingerprinting gathers user data about devices' hardware and software, which can then uniquely identify a specific device or user.

Read more