GoToMyPC accounts hacked, all customer passwords reset

GoToMyPC accounts hacked, all customer passwords reset

Remote access tool gets remotely accessed… by hackers.

GoToMyPC

GoToMyPC

Experiencing a problem logging into GoToMyPC? There’s a reason for that. Your password has been reset by Citrix, the company which runs GoToMyPC.com, after hackers reportedly attacked the service.

Here is part of GoToMyPC’s security advisory:

IMPORTANT SECURITY MESSAGE FROM THE GoToMYPC TEAM

Email Sign up to our newsletterSign up to SLG’s newsletter – “GCHQ”
Security news, advice, and tips.

Dear Valued Customer,

Unfortunately, the GoToMYPC service has been targeted by a very sophisticated password attack. To protect you, the security team recommended that we reset all customer passwords immediately.

Effective immediately, you will be required to reset your GoToMYPC password before you can login again.
To reset your password please use your regular GoToMYPC login link.

Recommendations for a strong password:

  • Don’t use a word from the dictionary
  • Select strong passwords that can’t easily be guessed with 8 or more characters
  • Make it Complex – Randomly add capital letters, punctuation or symbols
  • Substitute numbers for letters that look similar (for example, substitute “0” for “o” or “3” for “E”.

It’s a shame in their recommendations GoToMyPC’s security team left out the most important one of all – don’t reuse your passwords in multiple places.

After all, it’s sensible that your GoToMyPC password has been changed – but you also need to ensure that you change your passwords on any site *other* than GoToMyPC if you were making the mistake of not using unique passwords.

It’s also a pity that the details are a little sketchy.

Has GoToMyPC suffered a data breach, with passwords nabbed from its servers by online criminals, or is it that attackers are using credentials stolen from other sites to gain access to GoToMyPC accounts?

Right now, GoToMyPC isn’t saying. Maybe it simply doesn’t know.

GoToMyPC is sensibly recommending customers enable two-step verification, which will mean any potential hackers will need more than your password alone to access your account.

The news of the GoToMyPC security breach comes soon after users of TeamViewer, another service for remote desktop access, claimed that their accounts had also been attacked – although the company has denied that it has suffered a security incident.

Hat-tip: Thanks to @PeterVogel for first bringing GoToMyPC’s security advisory to my attention.

Found this article interesting? Follow SLG on Twitter to read more of the exclusive content we post.

Leave a Reply

Your email address will not be published. Required fields are marked *