Unfortunately, the GoToMYPC service has been targeted by a ‘very sophisticated password attack’, says GoToMYPC. With comments from Lisa Baergen, director at NuData Security.
Users of the GoToMyPC remote desktop software have had their passwords automatically reset ‘at the back end’ by Citrix, the firm that owns the brand and the software behind the service. Hackers attacked the service, which has been previously criticised for failing to recommend complex passwords, two-factor authentication and advising against password reuse; three of the biggest security failings many users exhibit today. GoToMyPC has subsequently issued an advisory aiming to address some (but not all) of these exact shortcomings.
Admitting to what it labels a ‘very sophisticated password attack’, GoToMyPC recommends that users take the following steps to ensure their security:
Don’t use a word from the dictionary. Select strong passwords that can’t easily be guessed, with eight or more characters. Make it complex – randomly add capital letters, punctuation or symbols. Substitute numbers for letters that look similar (for example, substitute “0” for “o” or “3” for “E”.
Speaking to SCMagazineUK.com in line with this story, Lisa Baergen director at NuData Security apologised for sounding like a broken record. It’s only been a couple of weeks since TeamViewer user accounts were hijacked she reminded us. “Although usernames and passwords can be changed, as being asked here by Citrix, victims of a breach need to understand that every bit of information exposed is important and building out solid packages of identity information on the dark web,” she said.
For the complete article, go here.