The Australian Government has issued a “high priority alert” to Citrix users following a security attack on the vendor’s GoToMyPC remote login application.
In an alert delivered through the Stay Smart Online Alert Service, an Australian Government initiative, users have been advised to reset passwords on the remote desktop sharing application and enable 2-step verification following the breach.
At the time of writing, it was not clear what information was compromised, but the vendor confirmed the incident was a password re-use attack, in which attackers used usernames and passwords leaked from other websites to access the accounts of users of GoToMyPC, which allows remote access to PCs over the internet.
“Citrix takes the safety and security of its customers very seriously, and is aware of the password attack on GoToMyPC,” an incident report stated.
“Once Citrix determined the nature of the attack, it took immediate action to protect customers. At this time, the response includes a mandatory password reset for all GoToMyPC users.”
Citrix said there was no indication of compromise to any of its other product lines, and advised users that they may be blocked from accessing the official GoToMyPC website according to corporate IT policies.
Despite the breach, Citrix said no personal information was compromised as a result of the attack.
“Our initial assessment indicates that no sensitive customer data (such as credit card information) was exposed,” the report stated.
“We are continuing an in-depth forensic investigation and will share the results of this investigation as soon as feasible.”
As revealed in November 2015, the vendor plans to spin off its GoTo family of products into a separate, publicly traded company by the second half of 2016, focusing on enterprise with the loss of 1,000 jobs.
As a result, the GoTo business, which has about $US600 million in trailing 12-month revenue, will become an independent entity, consisting of GoToMyPC, GoToAssist, GoToMeeting, GoToTraining, GoToWebinar, Grasshopper and OpenVoice.
ARN reached out to Citrix locally but the vendor declined to comment.