"SoyCow4275" writes in with this story via IRC:
Hackers Were Inside Citrix for Five Months:
Citrix provides software used by hundreds of thousands of clients worldwide, including most of the Fortune 100 companies. It is perhaps best known for selling virtual private networking (VPN) software that lets users remotely access networks and computers over an encrypted connection.
In March 2019, the Federal Bureau of Investigation (FBI) alerted Citrix they had reason to believe cybercriminals had gained access to the company's internal network. The FBI told Citrix the hackers likely got in using a technique called "password spraying," a relatively crude but remarkably effective attack that attempts to access a large number of employee accounts (usernames/email addresses) using just a handful of common passwords.
In a statement released at the time, Citrix said it appeared hackers "may have accessed and downloaded business documents," and that it was still working to identify what precisely was accessed or stolen.
But in a letter sent to affected individuals dated Feb. 10, 2020, Citrix disclosed additional details about the incident. According to the letter, the attackers "had intermittent access" to Citrix's internal network between Oct. 13, 2018 and Mar. 8, 2019, and that there was no evidence that the cybercrooks still remain in the company's systems.
Citrix said the information taken by the intruders may have included Social Security Numbers or other tax identification numbers, driver's license numbers, passport numbers, financial account numbers, payment card numbers, and/or limited health claims information, such as health insurance participant identification number and/or claims information relating to date of service and provider name.
It is unclear how many people received this letter, but the communication suggests Citrix is contacting a broad range of individuals who work or worked for the company at some point, as well as those who applied for jobs or internships there and people who may have received health or other benefits from the company by virtue of having a family member employed by the company.
(Score: 5, Insightful) by Anonymous Coward on Friday February 21 2020, @06:39PM (5 children)
which is that Citrix the company provides cyber security services to lots of big businesses.
So if they are getting hacked and their employees are compromised, what does that do to the security of their customers?
This is not just an identity theft breach.
(Score: 5, Funny) by ikanreed on Friday February 21 2020, @07:38PM (4 children)
The amount of valueless bullshit on most company VPNs is incredibly high.
I can just imagine breaking into some of the places I've worked: "oh look, this might be valuable, a SharePoint page with a 6 gig PowerPoint presentation on the transformation of business data into policy compliant business data"
(Score: 1, Informative) by Anonymous Coward on Friday February 21 2020, @08:16PM (2 children)
This is a major breach with national security implications.
(Score: 2) by ikanreed on Friday February 21 2020, @08:20PM (1 child)
I'm gonna level with you, I may have not been entirely serious in that assessment.
But I was very serious in participating in the fourth steering committee meeting for defining pilot models of policy compliant data that adhere to best practices! We used big red cartoon Xes for examples of non policy compliant data that is to be avoided!
(Score: 1) by fustakrakich on Saturday February 22 2020, @12:48AM
We used big red cartoon Xes
Ah, ok, that explains the 6 gigabytes...
Politics and criminals are the same thing..
(Score: 2) by Runaway1956 on Saturday February 22 2020, @01:56AM
I've browsed through our own VPN connected shares. If I were a vindictive disgruntled employee, I could find a few gig of stuff that might prove valuable, in the right market. So very much has zero value to anyone, other than the authors and/or the supervisors who directed the authoring. It would be something of a task to distill the valuable out of the valueless.
(Score: 2) by DeathMonkey on Friday February 21 2020, @06:56PM (2 children)
Jebus, they just made Sting [ultimateclassicrock.com] super jealous!
(Score: 0) by Anonymous Coward on Friday February 21 2020, @07:46PM (1 child)
First time I heard the word, "Citrix", I thought it might be some kind of a big bug... (insect, possibly from "cicada"?)
(Score: 0) by Anonymous Coward on Friday February 21 2020, @08:37PM
Citadel or Ricks?
(Score: 4, Funny) by Azuma Hazuki on Saturday February 22 2020, @02:07AM
"Yer muvver's op-shec is Shitrix, Trebheckch!"
I am "that girl" your mother warned you about...
(Score: 2) by jasassin on Sunday February 23 2020, @04:04AM
They don't lock the accounts after five or ten failed login attempts?
Let alone forcing password creation with small and capital letters with one number and one symbol!
jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
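Added example, not part of the story or of any comment above: password spraying as the story describes it (a handful of passwords tried across many accounts) keeps the failure count on each individual account low, so this sketch compares a per-account lockout rule with a per-source view over the same authentication events. The event format, thresholds, usernames and addresses are constructed assumptions, and keying on source IP is one simple heuristic chosen for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 5           # assumed policy: consecutive failures per account
SPRAY_MIN_ACCOUNTS = 4          # assumed: distinct accounts failed from one source
WINDOW = timedelta(minutes=30)  # assumed sliding window
# Constructed sample events: (ISO timestamp, source IP, username, outcome).
USERS = ["alice", "bob", "carol", "erin", "frank"]
SAMPLE_EVENTS = (
    # One source tries every account once per round, two rounds 10 minutes apart.
    [(f"2020-01-06T09:{r * 10:02d}:{i:02d}", "198.51.100.7", u, "FAIL")
     for r in range(2) for i, u in enumerate(USERS)]
    # One user mistypes a password five times in a row.
    + [(f"2020-01-06T09:05:{s:02d}", "203.0.113.20", "dave", "FAIL")
       for s in range(0, 50, 10)]
    + [("2020-01-06T09:30:00", "192.0.2.44", "alice", "OK")]
)

def parse(events):
    return sorted((datetime.fromisoformat(t), ip, u, r) for t, ip, u, r in events)

def locked_accounts(events, threshold=LOCKOUT_THRESHOLD):
    """Accounts a per-account lockout rule would trip."""
    streak, locked = defaultdict(int), set()
    for _, _, user, result in parse(events):
        streak[user] = 0 if result == "OK" else streak[user] + 1
        if streak[user] >= threshold:
            locked.add(user)
    return locked

def spray_sources(events, min_accounts=SPRAY_MIN_ACCOUNTS, window=WINDOW):
    """Map source IP -> most distinct accounts it failed against in one window."""
    fails = defaultdict(list)
    for ts, ip, user, result in parse(events):
        if result == "FAIL":
            fails[ip].append((ts, user))
    flagged = {}
    for ip, rows in fails.items():
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1
            seen = len({u for _, u in rows[start:end + 1]})
            if seen >= min_accounts:
                flagged[ip] = max(flagged.get(ip, 0), seen)
    return flagged

if __name__ == "__main__":
    print(locked_accounts(SAMPLE_EVENTS), spray_sources(SAMPLE_EVENTS))
```

On the constructed data the lockout rule trips only for the user who mistyped a password, while the per-source view flags the address that failed against five accounts at two attempts each.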