After over a year of no problems suddenly I cannot login to my sharefile account.No tech support on Sunday. Can someone assist?

  • 13
  • Question
  • Updated 1 week ago
After over a year of no problems suddenly I cannot login to my sharefile account. And there is no tech support open on Sunday. Can someone assist?
Photo of Mark Jeffords

Mark Jeffords

  • 2 Posts
  • 0 Reply Likes

Posted 2 weeks ago

  • 13
Photo of Christopher Jutting

Christopher Jutting

  • 19 Posts
  • 6 Reply Likes
We received the email as well even though we use SSO, so there are no sharefile credentials to reset.  This was handled very poorly. I have a hard time a company as large as Citrix can be so incompetent sometimes.
Photo of Renaud

Renaud

  • 22 Posts
  • 9 Reply Likes
Photo of Christopher Jutting

Christopher Jutting

  • 19 Posts
  • 6 Reply Likes
They have some serious cajones to post that today while IT depts are in mass chaos.
Photo of Michael Carlyle

Michael Carlyle

  • 6 Posts
  • 0 Reply Likes
Users must love their calming on-hold music while waiting on support to get back with them concerning what might actually be breached.
Photo of Brent Berwick

Brent Berwick

  • 7 Posts
  • 6 Reply Likes
Speechless.
Photo of Renaud

Renaud

  • 22 Posts
  • 9 Reply Likes
It's only the beginning...
- December 1st, 2018 Note - 
There has been a constant increase in internet-account credential (usernames and passwords) theft. Those same credentials are often used to access other accounts. 
In response to this, we are requiring a password reset and will be incorporating a regularly-scheduled, forced password reset into our normal operating procedures. Users will need to reset their passwords when logging into ShareFile this week. We believe this is an important step to continue to help our customers use our solutions securely.
Seen on http://status.sharefile.com/
Photo of Marc Kravitz

Marc Kravitz

  • 67 Posts
  • 7 Reply Likes
This is horrendous.
Photo of Michael Carlyle

Michael Carlyle

  • 6 Posts
  • 0 Reply Likes
Bad policy. It will make administrating their Outlook and iManage document management plug-ins that much more difficult. They should really consult users before making blanket changes.
Photo of Coogrrr Coogrrr

Coogrrr Coogrrr

  • 3 Posts
  • 0 Reply Likes
What is interesting is as I read this thread the progression has gone from they blamed all of our accounts as possibly compromised to there is a growing issue of account theft so we are forcing a password reset...

In both cases they assume either ALL of us have had some form of compromise OR all of us have had our accounts stolen - right?

In both cases the chances of this happening to the "Worlds best file sharing program" is nill - impossible.

The real issue - I am an I.T. company owner - industry I.T. veteran since 1990.... What has happened in all likely hood is that they were compromised - so reset everyone OR they inadvertently invoked this new rule and did it prior to forewarning us and don't want the internal mistake to appear to be their own.

Please try the reset and please post back the results. I too am dealing with all of my customers that have this issue this morning.
(Edited)
Photo of Coogrrr Coogrrr

Coogrrr Coogrrr

  • 3 Posts
  • 0 Reply Likes
As an update ... my clients are able to use the "Forgot Password" and reset it to get back in....

Odds of 20 individual accounts working fine on Friday - Failing today and not in use over the weekend have become compromised is impossible so much so I would buy lottery tickets.

I am still leaning on the fact that they have implemented a password security change - not a bad thing at the root of it - HOWEVER they failed to send out notices PRIOR to this forced change and as such now have a mess and bad press to deal with.

I would be firing members of my staff for doing this to a few hundred people let alone thousands and thousands of accounts worldwide.
Photo of Olivier Patiny

Olivier Patiny

  • 8 Posts
  • 6 Reply Likes

One of the reasons that can explain why users do not receive email from sharefile when they select "Forgot Password" is that Sharefile Servers that send the emails seems to be blacklisted.

Example :

https://www.spamcop.net/w3m?action=blcheck&ip=167.89.16.23

Photo of Pereira

Pereira

  • 10 Posts
  • 6 Reply Likes
As service provider it was not funny at the hotline and we don't understand why Citrix is not able to inform this in advance. All our customers where affected. Further I have activated two factor authentication and my user was reseted anyway. Nobody received an E-Mail. And the last thing to Citrix: Have you got not another recaptcha when clicking on forgott password? This is the most stupid recaptcha I ever used.
Photo of Renaud

Renaud

  • 22 Posts
  • 9 Reply Likes
I had to pass this recaptcha like 50 times yesterday... horrendous.
Photo of Greg Creedon

Greg Creedon

  • 2 Posts
  • 0 Reply Likes
It's interesting to note the security certificate for this page is different than than the login page. This one was issued to Citrix, the other not. I think it's clear based on what I'm reading and the fake password reset message there's an ongoing, massive security breach here.
(Edited)
Photo of Brent Berwick

Brent Berwick

  • 10 Posts
  • 6 Reply Likes
I don't think this site is hosted by Citrix.  It's a third party forum service.
Photo of Brent Berwick

Brent Berwick

  • 10 Posts
  • 6 Reply Likes
Why are password reset emails still being sent to my users 48 hours after you required them to reset their passwords?  They did all this already Monday morning.  Queue up another day of confused phone calls and help desk tickets.
Photo of Snider-Rawlins Law Firm

Snider-Rawlins Law Firm

  • 10 Posts
  • 0 Reply Likes
And then there are those of us who never have received any emails advising of the need to reset passwords--no admins, no employee users and no client users. I did get lucky in that the password reset emails have worked for my people. 
(Edited)
Photo of Ted Melvin

Ted Melvin

  • 1 Post
  • 0 Reply Likes

I have over 2,000 clients affected by this. Under GDPR we had to report to them a possible security breach as per Sunday's email. Since then I have logged Support case after support case for the reasons for the email and confirmation of a breach did not actually happen. Finally found the Account Managers name, and guess what, not a single reply from Sharefile. Has anyone actually had any correspondence from Sharefile as to what happened and that everything is secure now.

Have now found this via twitter

https://www.citrix.com/blogs/2018/12/04/citrix-forces-password-reset-to-protect-against-credential-stuffing/


(Edited)
Photo of Brent Berwick

Brent Berwick

  • 10 Posts
  • 6 Reply Likes
That's all I've seen as well.  Support stopped responding to my ticket Monday morning even though I've replied to them since.