LastPass Parent Company GoTo Suffers Data Breach, Customers’ Backups Compromised

January 25, 2023 | Rabbi Lakshmanan | Information leakage/remote work tools

LastPass owner GoTo (formerly LogMeIn) revealed on Tuesday that an unidentified attacker stole encrypted backups of some customers' data in a November 2022 incident, and was also able to steal the encryption key for some of those backups.

The compromise targeting a third-party cloud storage service affected Central, Pro, join.me, Hamachi and RemotelyAnywhere products, the company said.

“Affected information varies by product: account usernames, salted and hashed passwords, some multi-factor authentication (MFA) settings, and some product settings and license information,” said GoTo’s Paddy Srinivasan.

Additionally, MFA settings related to a subset of Rescue and GoToMyPC customers were affected, but there is no evidence that the encrypted databases related to the two services were compromised.

The company did not disclose how many users were affected, but said it was contacting victims directly to provide additional information and to recommend “actionable steps” to protect their accounts.

GoTo has also taken steps to reset affected users’ passwords and require them to re-verify their MFA settings. Additionally, it said it was migrating accounts to a hardened identity management platform that it claims offers more robust security.

The enterprise software provider emphasized that it permanently stores credit card details and does not collect personal information such as date of birth, address or social security number.

The announcement comes about two months after both GoTo and LastPass revealed “unusual activity within third-party cloud storage services” shared by the two platforms.

LastPass also announced in December 2022 that the digital heist allowed adversaries to steal large amounts of customer data, including encrypted password vault backups, by using information stolen from a previous breach in August.

The information obtained was “used to target another employee and obtained credentials and keys used to access and decrypt some storage volumes within a cloud-based storage service,” it points out.
