Hackers Attack Citrix Remote Access Software

June 20, 2016, 12:04 PM UTC
Online Crime
BERLIN, GERMANY - AUGUST 20: Symbolic feature with topic online crime, data theft and piracy and hacker, here the silhouette of a person with a laptop in his hands, on Augut 20, 2015 in Berlin, Germany. (Photo by Thomas Trutschel/Photothek via Getty Images)
Photography by Thomas Trutschel Photothek via Getty Images

If your company uses Citrix’ GoToMyPC remote access software, listen up: The service has been targeted in what the company termed a “very sophisticated password attack.”

On Sunday, Citrix (CTXS) posted news of a hack attack to its status page and said it had proactively reset all customer passwords. Customers were instructed to go into the service and set up new passwords,

The company recommended the use of complex passwords—not words found in the dictionary—that include a mix of capital letters, punctuation, and/or symbols. And, as has become the recommended practice, it strongly urged them to adopt two-factor authentication. That process requires both the use of a password and a second step, which typically requires a randomly generated code sent to the user’s phone via text or generated by an app like Google (GOOG) Authenticator or RSA (EMC) SecureID.

Get Data Sheet, Fortune’s technology newsletter

GoToMyPC competes with remote access offerings like Bomgar and LogMeIn (LOGM) and VMware (VMW) Workstation that let corporate IT departments reach out to remote workers to provide computer support, upgrades, etc.

Microsoft Bans Easy-Peasy Passwords

Attacks like this illustrate the issues of modern corporate computing where business customers use an array of on-demand services, each of which requires password access. Users typically pick passwords they can remember and, in another dangerous practice, often use the same easy password for multiple services. Those practices will have to change to bolster security of corporate information.