Citrix is blaming re-used login credentials stolen from data breaches for unauthorised account access to its Sharefile content collaboration service and will force customers to reset passwords as a result of the attack.
An email sent by Citrix to affected Sharefile customers, which was posted on Reddit's /r/sysadmin forum, warned them of "suspicious activity associated with certain user accounts" that resulted in unauthorised access to information stored on the service.
In the email, Citrix said it believed that the unauthorised party used credentials from third-party sources to access Sharefile accounts.
Citrix did not specify how many accounts were affected, or when the attacks took place.
iTnews has approached Citrix for comment on the matter.
Citrix said there is no indication that the unauthorised access is due to a compromise of the company's systems.
Customers not using single sign-on (SSO) will now have to reset their passwords; additionally, Citrix said it has disabled unauthorised account access, and will continue to closely monitor its network to detect suspicious activity within Sharefile.
It confirmed the password reset exercise on social media, after users who had received emails about it questioned if a data breach had taken place.
Sharefile supports two-factor authentication (2FA) for added security beyond usernames and passwords for login.
However, Sharefile 2FA has certain limitations, and can't be used with company credentials or a custom login page.
Sharefile 2FA doesn't work with trial accounts either, and isn't compatible with older versions of the service built into Adobe's Air framework.