1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

GoToMyPC Hacked

Discussion in 'BlackHat Lounge' started by BassTrackerBoats, Jun 19, 2016.

  1. BassTrackerBoats

    BassTrackerBoats Super Moderator Staff Member Moderator Jr. VIP

    Joined:
    Mar 10, 2010
    Messages:
    15,920
    Likes Received:
    29,250
    Occupation:
    Selling CPA Sites
    Location:
    Not England
    Home Page:
    Experiencing a problem logging into GoToMyPC? There's a reason for that. Your password has been reset by Citrix, the company which runs GoToMyPC.com, after hackers reportedly attacked the service.

    Here is part of GoToMyPC's security advisory:

    IMPORTANT SECURITY MESSAGE FROM THE GoToMYPC TEAM

    Dear Valued Customer,

    Unfortunately, the GoToMYPC service has been targeted by a very sophisticated password attack. To protect you, the security team recommended that we reset all customer passwords immediately.

    Effective immediately, you will be required to reset your GoToMYPC password before you can login again.
    To reset your password please use your regular GoToMYPC login link.

    Recommendations for a strong password:

    • Don’t use a word from the dictionary
    • Select strong passwords that can't easily be guessed with 8 or more characters
    • Make it Complex – Randomly add capital letters, punctuation or symbols
    • Substitute numbers for letters that look similar (for example, substitute “0” for “o” or “3” for “E”.
    It's a shame in their recommendations GoToMyPC's security team left out the most important one of all - don't reuse your passwords in multiple places.

    After all, it's sensible that your GoToMyPC password has been changed - but you also need to ensure that you change your passwords on any site *other* than GoToMyPC if you were making the mistake of not using unique passwords.

    It's also a pity that the details are a little sketchy.

    Has GoToMyPC suffered a data breach, with passwords nabbed from its servers by online criminals, or is it that attackers are using credentials stolen from other sites to gain access to GoToMyPC accounts?

    Right now, GoToMyPC isn't saying. Maybe it simply doesn't know.

    GoToMyPC is sensibly recommending customers enable two-step verification, which will mean any potential hackers will need more than your password alone to access your account.

    The news of the GoToMyPC security breach comes soon after users of TeamViewer, another service for remote desktop access, claimed that their accounts had also been attacked - although the company has denied that it has suffered a security incident.

    Source: https://www.grahamcluley.com/2016/06/gotomypc-hacked-customer-passwords-reset/
     
  2. jamie3000

    jamie3000 Supreme Member

    Joined:
    Jun 30, 2014
    Messages:
    1,311
    Likes Received:
    586
    Occupation:
    Finance coder looking for semi-retirement
    Location:
    uk
    Thanks for the heads up. Also a lot of team viewer users getting hacked recently.
     
  3. The Doctor

    The Doctor Jr. VIP Jr. VIP

    Joined:
    Dec 18, 2010
    Messages:
    883
    Likes Received:
    261
    Occupation:
    Computer Scientist, Engineer, Programmer.
    Location:
    ☆☆☆☆☆☆
    Home Page:
    Anyone who would leave a proprietary centralized RAT running on their machine needs a wake up call. Use an open source solution (VNC is tried and true), forward a port, and setup DDNS. There's probably even an open source solution that supports reverse connections for NAT traversal where port forwarding isn't possible. I don't even like the fact that my OS's packages come from a central web server but at least the updates are open source with checksums.
     
  4. tahajawed

    tahajawed Jr. VIP Jr. VIP

    Joined:
    Oct 21, 2014
    Messages:
    373
    Likes Received:
    36
    First teamviewer and now that. This shit is scary.