Here we go again—yet another remote desktop service seemingly compromised.
If you’ve been using GoToMYPC to remotely access your desktop or laptop PCs, then now’s as good a time as any to reset your passwords.
And if you (foolishly) use the same login credentials for a number of different services, it’s worth spending a little time this Sunday to change them all. You guessed it—the GoToMYPC service has been hacked.
“Unfortunately, the GoToMYPC service has been targeted by a very sophisticated password attack.
To protect you, the security team recommended that we reset all customer passwords immediately,” reads a message from Citrix.
“Effective immediately, you will be required to reset your GoToMYPC password before you can login again.
To reset your password please use your regular GoToMYPC login link.”
Citrix is still investigating the hack, so it’s unclear just how many users were potentially affected—that includes the total number, and whether it’s just people who have recently been using GoToMYPC or any and all accounts created for the service.
Citrix also hasn’t indicated just how, exactly, attackers got their hands on these stolen passwords.
It’s also unclear whether password were even stolen, or whether the attackers are simply logging into GoToMYPC accounts en masse with stolen credentials from another attack.
Currently, Citrix is recommending that all GoToMYPC users add two-factor authentication to their accounts, which will at least help prevent attackers from gaining access unless they also have access to the exact way that Citrix verifies users are who they say they are.
That doesn’t much help if your login and password was truly swiped, though.
Depending on the size of the breach, we wonder if we’ll soon see GoToMYPC appearing on good ol’ haveibeenpwned.com.
We’ll update this article as we learn new information about the attack.