GoTo admits hackers stole customer backups in LastPass breach

January 25, 2023

Communications firm GoTo has discovered that threat actors stole encrypted customer backups and sensitive product information in a November 2022 attack, which also impacted subsidiary LastPass.

The company has said that account usernames, salted and hashed passwords, and multi-factor authentication (MFA) settings were included in the stolen data, which was taken from a third-party cloud storage service in the November incident.

While this customer backup data is encrypted, the company believes that the threat actor behind the attack also stole an encryption key for a portion of the stolen backups.

GoTo said that the key related to a “portion” of the data, but did not elaborate on which documents are vulnerable to decryption by the threat actor.

As GoTo does not store payment details, nor collect or keep personal addresses, dates of birth, or other such identifiable details, information of this kind was not included in the breach.

The company has also warned that backups relating to other businesses it runs were stolen, such as its virtual private network (VPN) product Hamachi and remote access apps Central and Pro.

GoTo subsidiary LastPass had begun an investigation in collaboration with Mandiant following a breach in November 2022 that saw threat actors access a third-party cloud storage system used by both LastPass and GoTo.

“At this time, we have no evidence of exfiltration influencing any other GoTo products other than those referenced above or any of GoTo’s creation methods,” said Paddy Srinivasan, CEO at GoTo, in a blog post.

“We are contacting affected shoppers straight to offer more info and endorse actionable methods for them to just take to additional safe their account.”

GoTo has said it will provide recommendations for next steps for making affected accounts secure. Customers who were affected by the breach will have passwords reset as a precautionary measure, and MFA settings reauthorised.

The company has also committed to migrating accounts to an identity management system, to further secure accounts from potential future action.

This is the third attack affecting GoTo and its subsidiaries in the past 12 months. In August 2022 a hacker exfiltrated LastPass source code, though Karim Toubba, CEO at the firm, denied that customer information had been affected in this breach.

Since then, LastPass admitted encrypted password vaults had been stolen, and that names, email addresses, phone numbers and payment information. This has prompted concerns that stolen data could be used for mass phishing campaigns.

“Any breach is regrettable for all those impacted,” said Javvad Malik, lead security awareness advocate at KnowBe4.

“While in this situation the facts was encrypted, the actuality that the decryption keys ended up also stolen renders the encryption worthless. Hence, impacted consumers should really address this as a comprehensive breach of all facts and just take the essential steps to safeguard themselves from any fallout. 

“This can contain altering their passwords and currently being on the lookout for any phishing or social engineering frauds which can be crafted making use of the stolen information.”

IT Pro has approached GoTo for comment.


Some parts of this article are sourced from:
www.itpro.co.uk
