Cyber Incident Victim: GoToMyPC
Date: Jun 2016
Location: United States of America
Summary
A remote access software service experienced a sophisticated password attack, prompting a mandatory password reset for all users after login issues were reported. The company acknowledged delayed detection of the incident and advised customers to adopt complex passwords exceeding eight characters with varied character types, alongside recommending two-step verification for enhanced security. While the firm confirmed unauthorized access attempts, it did not disclose the number of affected users or specify whether personal data was compromised.
Description
On June 18, 2016, users of GoToMyPC, a remote access software service enabling connections between computers and mobile devices for data syncing, file transfers, and remote printing, began reporting login difficulties. The service provider initially acknowledged an unspecified issue requiring password resets for affected users but did not immediately attribute the problem to malicious activity. By June 19, the company confirmed a cybersecurity incident, publicly stating that GoToMyPC had been targeted by what it described as a "very sophisticated password attack." The attack’s sophistication delayed its detection, though the exact timeframe of unauthorized access attempts remained undisclosed. In response, GoToMyPC’s security team mandated an immediate password reset for all customer accounts globally, regardless of individual exposure, as a precautionary containment measure. This action prevented further logins until users created new credentials, though the company did not disclose the total number of accounts impacted or whether the attackers successfully compromised any specific user credentials during the breach.

The incident’s scope regarding data compromise remained unclear, as GoToMyPC did not confirm whether attackers accessed personal information, stored files, or remote sessions during the password-focused attack. Citrix, the parent company providing the service, did not issue additional statements at the time of reporting. GoToMyPC advised affected users to strengthen replacement passwords by avoiding dictionary words, using over eight characters, and incorporating capitalization, punctuation, or symbols. It further recommended substituting numbers for visually similar letters and enabling two-step verification to enhance account security. The global password reset and revised authentication guidance constituted the primary remediation steps, with no disclosed technical details regarding attack vectors, threat actor origins, or forensic findings beyond the password-centric nature of the incident. Service functionality resumed contingent on password updates, but the lack of confirmed data exfiltration or system manipulation left residual uncertainties about the attack’s full consequences.
