2018 has seen an unprecedented number of records breached by hackers. According to the Breach Level Index, in just the first half of 2018, more records were compromised than in all of 2017. The number of records compromised in 2018 is in the multi-billions. It’s staggering. With the credentials harvested from these attacks, and the bad guys knowing that people will use the same password for multiple systems and websites, “credential stuffing” — a type of cyber-attack where stolen emails and passwords obtained through these types of breaches are used to try to gain unauthorized access to other systems — has become a serious threat facing businesses and individuals.
Late last week, not long after new high-profile security breaches were revealed, in the course of our ongoing security monitoring, we saw incidents in ShareFile that had some of the characteristics of credential stuffing. After further analysis, we became very concerned that indeed perpetrators were using credentials obtained from breaches unrelated to ShareFile to attempt to gain access to individual accounts. We do not believe that this issue resulted from a compromise of our systems.
We made an immediate decision to limit the risk to our ShareFile customers by forcing a password reset. We knew the timing over the weekend was not ideal, but felt it far more important to help our customers by fundamentally stopping the credential stuffing effort. We acknowledge it has been inconvenient to customers, and regret the inconvenience, but we were acting in our customers’ best interests. It was the most expeditious way to end the attack, and proactively help our customers protect their data.
To be clear, if there is any misunderstanding, the users of the ShareFile service were experiencing a credential stuffing attack. We moved quickly and decisively to end it for the benefit of our users.
ShareFile supports multi-factor authentication, a security mechanism that requires more than one method of authentication (for instance, a password and a security code received as an SMS). We strongly recommend multi-factor authentication as a best practice, and it is an optional setting within ShareFile that administrators can turn on.
In the interim, we are working to help our customers with their password resets, even bringing on extra help to process calls and tickets faster. We do point administrators to the support page first, which provides a wealth of direction and tips, as wait times for the help desk are lengthy at the moment but expected to improve. Please refer to the articles “Modify ShareFile Security Settings” (https://support.citrix.com/article/CTX227767), which will assist you in Password Management, and “ShareFile Password Management” (https://support.citrix.com/article/CTX208278), which will assist you with the Forgot Password functionality, which is needed to reset your password.