June 19, 2016
GoToMyPC has decided to reset user passwords after attackers tried to hack into customer accounts over the weekend using what the company calls a “very sophisticated password attack.”
GoToMyPC is a service that allows users remote access to their home or work computers using a suite of desktop and mobile apps. The service is similar to TeamViewer and is managed by IT firm Citrix, who also runs the more popular GoToMeeting service.
Attack started on Saturday, June 18, first signs that something was terribly wrong appeared on Saturday, when the service announced it was experiencing some issue that required the IT staff to reset user passwords. The service published tips on how to reset passwords later during the day, but nothing more.
GoToMyPC released more details on Sunday morning (London timezone) when the company’s security staff said a sophisticated attack forced them to reset user passwords.
The company didn’t provide any other details, but this seems to be another automated ATO (account takeover) attack, during which crooks test various username – password credentials in the hope that some users reused passwords across different services.