LastPass Parent Company GoTo Suffers Data Breach, Customers’ Backups Compromised

Share This Post

LastPass-owner GoTo (formerly LogMeIn) on Tuesday disclosed that unidentified threat actors were able to steal encrypted backups of some customers’ data along with an encryption key for some of those backups in a November 2022 incident.

The breach, which targeted a third-party cloud storage service, impacted Central, Pro, join.me, Hamachi, and RemotelyAnywhere products, the company said.

“The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of multi-factor Authentication (MFA) settings, as well as some product settings and licensing information,” GoTo’s Paddy Srinivasan said.

Additionally, MFA settings pertaining to a subset of its Rescue and GoToMyPC customers were impacted, although there is no evidence that the encrypted databases associated with the two services were exfiltrated.

The company did not disclose how many users were impacted, but said it’s directly contacting the victims to provide additional information and recommend certain “actionable steps” to secure their accounts.

GoTo has also taken the step of resetting the passwords of affected users and requiring them to reauthorize MFA settings. It further said it’s migrating their accounts to an enhanced identity management platform that claims to offer more robust security.

The enterprise software provider emphasized that it does store full credit card details and that it does not collect personal information such as dates of birth, addresses, and Social Security numbers.

The announcement comes nearly two months after both GoTo and LastPass disclosed “unusual activity within a third-party cloud storage service” that’s shared by the two platforms.

LastPass, in December 2022, also revealed that the digital burglary leveraged information stolen from an earlier breach that took place in August and enabled the adversary to steal a massive stash of customer data, including a backup of their encrypted password vaults.

The obtained information was “used to target another employee, obtaining credentials and keys which were used to access and decrypt some storage volumes within the cloud-based storage service,” it noted.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

The Hacker News

Read More

More Articles
Article

Navigating SEC Regulations In Cybersecurity And Incident Response

Free video resource for cybersecurity professionals. As 2024 approaches, we all know how vital it is to keep up to date with regulatory changes that affect our work. We get it – it’s a lot to juggle, especially when you’re in the trenches working on an investigation, handling, and responding to incidents.
Article

BFU – Seeing is Believing

Oh no, the device is in BFU. This is the common reaction; a device needs extracting, and you find it in a BFU state. Often, there’s an assumption that a BFU extraction will only acquire basic information, but that isn’t always the case.

Report

Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups
  • Message this member
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report

You have already reported this .