Not a breach: Citrix takes preemptive cybercrime strike, forces users to change passwords

Citrix forced its users to reset their passwords after cybercriminals began carrying out credential stuffing attacks against ShareFile accounts.

The company is assuring users the move isn’t in response to a breach or other cyber incident, but instead is a proactive measure to get ahead of cybercriminals who may try to prey on users who have recycled credentials across platforms.

After a series of high profile breaches the firm noticed incidences in ShareFile that had some of the characteristics of credential stuffing raising concerns of perpetrators using credentials obtained from breaches unrelated to ShareFile to attempt to gain access to individual accounts.

“We made an immediate decision to limit the risk to our ShareFile customers by forcing a password reset,” Citrix CISO Stan Black said in a Dec. 4 blog post. “We knew the timing over the weekend was not ideal, but felt it far more important to help our customers by fundamentally stopping the credential stuffing effort.”

Black went on to recommend users implement the multifactor authentication option on their ShareFile accounts. Dana Tamir, VP Market Strategy, Silverfort noted that adding MFA is the best way to validate the user’s identity and protect against password theft.

“File shares are a prime target for hackers as they contain valuable and sensitive data,” Tamir said. “Changing passwords is not enough to prevent breaches because the new passwords can be stolen just as easily.”

Tami added that people tend to change passwords in very predictable ways often just changing the last characters and that applying an MFA on access to file shares is indeed a best practice, however, many types of files shares do not support MFA leaving these data exposed to attacks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.