GoToMyPC announced on their status page that their “service has been targeted by a very sophisticated password attack”.
- The first announcement came at Jun 18, 14:13 UTC which said to reset your password.
- At Jun 18, 21:22 UTC the gave more instructions through the status page. It gave some additional instructions about using an alternate email. It also discussed 2-Step Verification.
- At Jun 19, 03:26 UTC they announced that they had been attacked but did not state whether and users data had been used to access peoples PC’s or accounts.
We found out on Twitter via Troy Hunt:
— Troy Hunt (@troyhunt) June 19, 2016
We set up a social and web monitoring pulling up some previous data using Twitters Firehose.
GoToMyPC Hack Worldwide Impact
The immediate worldwide impact was dramatic and negative as shown by this map. Mainly created using Twitter data from users that declare their location. The map is created using Nuvi social and web monitoring software. It was listed as a reach of over 1.3 Million. That is mostly people that are interested in internet security. Since it is Sunday we can expect major news agencies to publish on the issue tomorrow. GoToMyPC is probably getting contacted by media right now. They may be handling this internally or they may be contacting their PR Company. They should be contacting a Crisis Management company or hopefully they have a crisis plan that they can implement.
GoToMyPc Viral One Hour Snapshot
12 Hours of the crisis as a visual (numbers do not match up due to sort criteria):
What does this mean for me?
GoToMyPC seems to have reset all accounts so there may be no further security risks but has your computer been compromised? You will need to find out.
You should secure your computer, make sure to run spyware and antivirus software. Also look at the recently modified files for anything suspicious.
“don’t use the same password for multiple online service accounts. If you did, change those passwords as well, and watch those accounts for any suspicious activity.”
For Companies you should act as if you were hacked and start searching pastebin for data. Hackers may post your data there while looking for a buyer. System Admins need to go through each computer and email. Change passwords that are used for each account, email, server, computers, routers etc…Make sure each computer is up to date with software, have people that bring computers home bring them in to be checked. Do a complete security audit.
A user on Reddit said that this has been know to everyone besides GoToMyPC.
Missed Communication Opportunities
GoToMyPC failed to tell the stakeholders how data was accessed. Were computers logged on from remote locations? What has been done to prevent this from happening again? There are so many questions yet to be answered.