Skip to main content

GoToMyPC hit by password attack after LinkedIn data dump

GoToMyPC hit by password attack after LinkedIn data dump

Share this story

A wide range of Twitter accounts were attacked earlier this month after a 2012 leaked password dump from LinkedIn started getting shared more broadly recently. Leaked password dumps are now affecting Citrix's GoToMyPC service, which allows users to remote-control their PC from a range of devices. "The GoToMYPC service has been targeted by a very sophisticated password attack," reads a status message posted two days ago. "Citrix can confirm the recent incident was a password re-use attack, where attackers used usernames and passwords leaked from other websites to access the accounts of GoToMyPC users."

Citrix has responded to the password attack by initiating a mandatory password reset for all GoToMyPC users. It's not clear how many accounts were compromised in the attack, or how many PCs were remotely controlled by the attackers. If malicious users were able to gain control of any PCs then this could have opened up GoToMyPC users to additional breaches if website passwords were stored or cached in a browser and the attacker had full control over the PC.

The GoToMyPC attack comes just weeks TeamViewer was also compromised thanks to the reuse of passwords that were leaked in recent dumps. TeamViewer is a similar service for remotely controlling PCs, and attackers were able to breach the service accounts for business users to attack multiple devices. Once again, it's time to stop using the same password across multiple sites. Install a password manager if you need to, or even make your email address as hard to guess as your password.