No explanation on status page. Nothing in my Email. There is a voice mail message in the ShareFile support line that directs users to the Citrix support Case page, but no announcement. Just submit a ticket cold and wait and see.
Glad to hear the password reset works.
It is logical to suspect there was any of several possibilities.
- Could be a suspected compromise to authentication, and they are just being safe by forcing password resets.
- Could be they are purging unauthorized logins.
- Could be they made a mistake during some maintenance, and took something offline, or reset something they should not have.
I see some of you caught this four hours ago. Would be nice to have feedback from ShareFile engineers more timely. At least a simple alert that things are happening, and being worked on.
Dear ShareFile Administrator,
We are writing to notify you of a security incident on the Citrix ShareFile service (aka Citrix Content Collaboration) that affected users on your Citrix ShareFile account. We recently became aware of suspicious activity associated with certain user accounts. Based on our investigation to date, we believe that an unauthorized party used credentials obtained from third-party sources to attempt to access and obtain information from certain Citrix ShareFile user accounts.
We believe these attempts were successful for some Citrix ShareFile user accounts associated with your organization. There is no indication that this issue resulted from a compromise of our systems.
We have taken a number of steps to address this issue, including disabling unauthorized account access and requiring all non-SSO users to reset their passwords. In addition, we continue to closely monitor our network to detect and prevent any suspicious activity associated with the Citrix ShareFile service.
Upon logging into ShareFile users will be prompted to reset their password and receive an email to do so. If they cannot find that email, they can request the email again by clicking on the Forgot Password link from the login page. For help resetting passwords, visit the support page.
If you have disabled the ability for users to reset their passwords, their current password is no longer valid and you will need to reset your end users’ password.
We strongly recommend the use of unique and complex passwords, as well as multi-factor authentication. Users can find more information on managing their access at the following links: password management, multi-factor authentication, and security settings.
Our investigation into this matter is ongoing. We continue to take steps to help our customers use our solutions securely and hope this information is useful to you. If you have any questions regarding this issue, please contact us at https://support.citrix.com/cscase#/ or call 1-800-441-3453.
The Citrix ShareFile and Content Collaboration Team
So I as an Admin receive this email hours after my accounts had their passwords expired but because its Sunday we can't speak with anyone in support. So we know next to nothing except that there was some sort of compromise. This is my favorite part:
"We believe these attempts were successful for some Citrix ShareFile user accounts associated with your organization. There is no indication that this issue resulted from a compromise of our systems."
What the hell does that mean? So some of my accounts were "affected" yet ShareFile was not compromised???
So does anyone else on here have an empty account after logging in with new password?
I have not received the Email mentioned by Brent Berwick.
I also see the update to the Status page, and find it off to see that dated for yesterday, when clearly this all began affecting people today.
It is good that they enact proactive security measures when they suspect suspicious activity. However, from the way that Email to Brent is worded, it seems they have known about this and have been investigating.
So, considering that:
- If it were a planned policy change, then admins should have known about it last week, so we could be prepared to deal with it and users don't get stranded on the weekend.
- If it were not a planned policy change, then we should all have some Email telling us what is going on.
On top of that, when our customers select "Forgot Password" and enter their email address, many of them never receive the email.
How can CITRIX decide for such a change without prior notification ????