GoToMyPC Remote Desktop Service Under Attack, Resets User Passwords

Incident seems to be another ATO (account takeover) attack. GoToMyPC decided to reset user passwords after attackers tried to hack into customer accounts over the weekend using what the company calls a “very sophisticated password attack.”

GoToMyPC is a service that allows users remote access to their home or work computers using a suite of desktop and mobile apps. The service is similar to TeamViewer and is managed by IT firm Citrix, which also runs the more popular GoToMeeting service.

Attack started on Saturday, June 18

The first signs that something was terribly wrong appeared on Saturday, when the service announced it was experiencing an issue that required the IT staff to reset user passwords. The service published tips on how to reset passwords later in the day, but nothing more.

GoToMyPC released more details on Sunday morning (London timezone) when the company’s security staff said a sophisticated attack forced them to reset user passwords.

The company didn’t provide any other details, but this seems to be another automated ATO (account takeover) attack, during which crooks test various username – password credentials in the hope that some users reused passwords across different services.

ATO attacks becoming more popular

Something similar happened to GitHub during the past week. We also reported today on two huge ATO attacks that took place this past February, when crooks used over 1.2 million different IP addresses to test login details for a financial institution and a company in the media & entertainment sector.

ATO attacks, also known as Identity Testing Attacks, have become very popular these days, even before the huge data breaches that took place at companies such as LinkedIn, Tumblr, MySpace, VerticalScope, and many others.

These data breaches made it worse by dumping over one billion user records online, some of them complete with username – password combos. A lot of these leaked user records were in cleartext, while others used weak hashing functions that would have allowed crooks to easily break them.

Any service should expect ATO attacks against its login section in the following months, and users, above all, should start changing their passwords right away, if they used them across different services.
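
For services on the receiving end, the distributed pattern described above (many source IPs, each making only a few guesses against different accounts) slips under per-IP lockout thresholds but stands out when failed logins are counted per time window. The sketch below is an added illustration, not code from GoToMyPC or Citrix; the log format, thresholds and sample events are assumptions constructed for the example.

```python
from collections import Counter, defaultdict

WINDOW = 300  # seconds per bucket (assumed value)

def per_ip_offenders(events, threshold=10):
    """Classic per-IP lockout: IPs with at least `threshold` failed logins."""
    fails = Counter(ip for _, ip, _, ok in events if not ok)
    return {ip for ip, n in fails.items() if n >= threshold}

def stuffing_windows(events, min_failures=50, min_users=30, min_fail_ratio=0.8):
    """Flag time buckets whose failed logins are spread over many accounts."""
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        buckets[ts // WINDOW * WINDOW].append((ip, user, ok))
    flagged = {}
    for start, rows in sorted(buckets.items()):
        failed = [(ip, user) for ip, user, ok in rows if not ok]
        users = {user for _, user in failed}
        ratio = len(failed) / len(rows)
        if (len(failed) >= min_failures and len(users) >= min_users
                and ratio >= min_fail_ratio):
            flagged[start] = {"failures": len(failed), "accounts": len(users),
                              "ips": len({ip for ip, _ in failed}),
                              "fail_ratio": round(ratio, 2)}
    return flagged

def sample_events():
    """Constructed log rows: (unix_ts, ip, username, success). Not real data."""
    events = []
    # Window 0: ordinary traffic, 40 good logins and 3 mistyped passwords.
    for i in range(40):
        events.append((i * 7, f"192.0.2.{i + 1}", f"user{i}", True))
    for i in range(3):
        events.append((10 + i, f"192.0.2.{i + 1}", f"user{i}", False))
    # Window 300: 100 source IPs, two guesses each, every guess a new account.
    for i in range(200):
        events.append((300 + i, f"198.51.100.{i % 100 + 1}", f"victim{i}", False))
    for i in range(20):
        events.append((300 + i * 10, f"192.0.2.{i + 50}", f"user{i}", True))
    return events

if __name__ == "__main__":
    log = sample_events()
    print("per-IP offenders:", per_ip_offenders(log))
    print("flagged windows:", stuffing_windows(log))
```

On the constructed log no single IP reaches the per-IP threshold, while the second window is flagged because its failures are spread across hundreds of accounts.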