LastPass Parent Company GoTo Witnesses Data Breach
Reading Time: < 1 minute

LastPass Parent Company GoTo witnesses data breach on Tuesday leading to hackers managing to steal encrypted backups of some customers’ data along with an encryption key for some of those backups in a November 2022 incident.

According to the company, the data breach targeted a third-party cloud storage service and  impacted Central, Pro, join.me, Hamachi, and RemotelyAnywhere products

 GoTo’s Paddy Srinivasan said, “The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of multi-factor Authentication (MFA) settings, as well as some product settings and licensing information.”

It appears that the encrypted databases associated with Rescue and GoToMyPC were not exfiltrated, although MFA settings for a subset of customers were impacted.

While the company did not reveal how many users were affected, it said it was directly contacting the victims to provide additional information and recommend certain “actionable steps” to secure their accounts.

Additionally, GoTo is resetting passwords of affected users and requiring them to reauthorize MFA settings, in addition to migrating their accounts to a more secure identity management platform.

Despite storing full credit card details, the enterprise software provider does not collect personal information such as dates of birth, addresses, or Social Security numbers.

Two months ago, both GoTo and LastPass disclosed “unusual activity within a third-party cloud storage service” that they share.

Related Articles:
RCMP Warns Users As Cryptocurrency Fraud Calls Rise
VMware Releases Patches for Critical vRealize Log Insight Vulnerabilities
PayPal Hackers Expose Customer Names and Social Security Numbers