GoToMyPC Hacked, User Credentials Compromised

A sophisticated and disruptive cyber-attack on Citrix's SaaS-based remote desktop service provider, GoToMyPC, has compromised the login information for its entire user-base.

The Verge reports that the exact number of compromised passwords is not yet known: “It's not clear how many accounts were breached in the attack, or how many PCs were remotely controlled by the attackers. If malicious users were able to gain control of any PCs, then this could have opened up GoToMyPC users to additional breaches if website passwords were stored or cached in a browser and the attacker had full control over the PC.”

An official GoToMyPC statement explained the situation: “Unfortunately, the GoToMyPC service has been targeted by a very sophisticated password attack. To protect you, the security team recommended that we reset all customer passwords immediately. “

Although the hackers were not able to compromise any of its internal systems, customers reported not being able to log into their accounts and being forced to reset their passwords. Shortly after the first reports, GoToMyPC warned its user base of the cyber-attack.

As CNET states, these type of attacks are all too common: “Cyberattacks against websites have jumped in recent years as hackers find new ways to exploit security flaws. Hackers often sell stolen customer credentials on the black market. Users typically are prompted to reset their passwords but still have to worry about their personal information winding up in the wrong hands.”

According to TopTechNews, the hackers were able to penetrate GoToMyPC by utilizing stolen user credentials: “The attackers apparently used login names and passwords found in other data breaches to get at the GoToMyPC accounts.” 

Following the attack, GoToMyPC provided its users with thorough instructions regarding their password reset and helpful steps on keeping their login information safe from future attacks. Yet, leading cyber-security expert Mandy Huth had this to say: "It is not enough to think that we are exempt from these types of hacks, but we must not become complacent in our efforts to protect ourselves. Our society is now a data-driven, connected place. Just as people had to learn the rules of driving as cars became part of society, so, too, must we learn the rules of good password management."

So far it seems that sensitive user data was not exposed, but GoToMyPC will continue to investigate the attack. 

Unlike Public Clouds or SaaS platforms, the Abacus Private Cloud is built exclusively to run your business technology in a fully integrated, secured, and managed environment that protects against these types of threats.