If a locked filing cabinet is stolen along with its key, can you still say it’s locked? GoTo thinks you can • Graham Cluley


Last week, GoTo (LastPass’ parent company and victim of a recent horrific security breach) announced it had also been hacked.

Here are some of GoTo’s remarks:

Previous investigations have shown that attackers have stolen encrypted backups from third-party cloud storage services associated with the following products: Central, Pro, join.me, Hamachi, and RemotelyAnywhere.

Urk. That’s not good. Losing your backup is probably just as bad as losing your password vault. But good to know the backup is encrypted…

There is also evidence that the attacker stole the encryption keys for some of the encrypted backups.

Oh. So when I said the backup was encrypted, I actually meant it was encrypted but can be easily decrypted?

Saying the backup was encrypted is a bit like trying to claim that a locked box was locked if the key to the locked box was stolen at the same time as the box.

The information affected varies by product, but includes account usernames, salted and hashed passwords, some multi-factor authentication (MFA) settings, and some product settings and licensing information. There are cases. Additionally, although Rescue and GoToMyPC encrypted databases were not stolen, some customers’ MFA settings were affected.

GoTo appears to be forcing password resets for affected accounts and re-authenticating MFA settings “with great care”.


The breach appears to have occurred at a third-party cloud storage service used by both GoTo and the beleaguered LastPass.

There will undoubtedly be questions as to whether GoTo properly configured the security of its cloud-based storage for backups, and perhaps even more questions about how carefully it handled the encryption keys for those backups.



Graham Cluley is a veteran of the antivirus industry and has worked for many security companies since the early 1990s, when he created the first version of Dr. Solomon’s Antivirus Toolkit for Windows. He is now an independent security analyst who makes regular media appearances and lectures internationally on the topics of computer security, hackers and online privacy.


