Locked out of your Citrix Sharefile Account? You’re welcome.

Tuesday, December 4, 2018

It wasn't MY account that was Hacked!

So this week was probably not the best week to be part of the Citrix Sharefile help desk staff.   It seems like the powers that be at Citrix.com decided to reset ALL non-SSO user passwords without notification.  Happy Monday morning Internet!

To be accurate, they sent a notice to all users of their system that due to suspicious activity, all passwords would need a reset.

There has been a constant increase in internet-account credential (usernames and passwords) theft. Those same credentials are often used to access other accounts. In response to this, we are requiring a password reset and will be incorporating a regularly-scheduled, forced password reset into our normal operating procedures. Users will need to reset their passwords when logging into ShareFile. We believe this is an important step to continue to help our customers use our solutions securely.

To reset your password, please click here..

For help about how to reset your password, please click here.

Honestly, the email itself LOOKED like a phishing scam and I would advised my users/clients to just ignore it.  And I think this is where the real outrage came from on the internet.  People were super upset that advance notice did not go out to Sharefile Administrators so that they could prepare their user base and systems.  They just walked into it on a Monday morning. :(

Today, Citrix has posted a more complete explanation of why they issued their password reset.  Due to high profile leaks and breaches at OTHER companies, they proactively decided on this course of action to prevent Credential Stuffing.  Credential Stuffing is when users use the same username and password across multiple sites and then when one gets breached, attackers have access to other sites through no fault of the second site’s security.  This is a case of the company protecting itself from what it thinks are poor user security practices.  You can read the whole thing here:

https://www.citrix.com/blogs/2018/12/04/citrix-forces-password-reset-to-protect-against-credential-stuffing/

The other thing to note in this message is that going FORWARD they will be instituting regular password resets (no exact timeframe unfortunately) so if you are using Sharefile in any sort of SFTP scripted fashion, you might need to revisit your automated scripts.

There seems to be a lot of pissed off customers related to this security move (or at least the execution of it) so I’m not sure if there will be any reversals of policies by Citrix but in the meantime, at least you know why your users have been calling you. :)

Oh, and if you are using Single Sign On, none of this mattered since the passwords are held under your control.  Other than a confusing email that didn’t apply to your users, it was a non-event.  So if you haven’t put SSO in place yet, this might be a good reason to consider it.

Happy Cloud Computing!

- Carlo

Previous
Next Post »