
That GoTo breach was worse than the firm thought

  • GoTo has provided an update on a breach that it announced last year.
  • Encrypted backups from several GoTo enterprise products were stolen, as were encryption keys.
  • GoTo says it is contacting affected customers directly.

At the end of November 2022, GoTo (formerly LogMeIn) announced that it had suffered a breach. On Monday, GoTo provided an update as part of its ongoing investigation and, well, let’s just say there is cause for concern, as it’s not just LastPass that was affected.

The company has now said that a threat actor was able to lift encrypted backups from a third-party storage service. The backups that were stolen were from:

  • Central
  • Pro
  • join.me
  • Hamachi
  • RemotelyAnywhere

But wait, it gets worse.

“We also have evidence that a threat actor exfiltrated an encryption key for a portion of the encrypted backups. The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings, as well as some product settings and licensing information. In addition, while Rescue and GoToMyPC encrypted databases were not exfiltrated, MFA settings of a small subset of their customers were impacted,” GoTo reports.

The firm says it is contacting affected customers directly to provide additional information and recommend actionable steps they can take. The passwords of those users and MFA settings are being reset as a precaution.

“In addition, we are migrating their accounts onto an enhanced Identity Management Platform, which will provide additional security with more robust authentication and login-based security options,” GoTo adds.

This breach has been monumentally bad for GoTo. Not only was LastPass customer information compromised, now the firm’s enterprise customers are in a precarious position. Furthermore, these customers have their own customers who could now potentially be in a dangerous situation.

The incident already drew harsh criticism from cybersecurity experts when it was made public, and with this latest revelation we have to wonder how GoTo’s reputation will suffer as a result.

Should you be a GoTo customer using the products above, it might be best to start considering alternatives. We also recommend keeping an eye out for possible breaches on your own perimeter, as the amount of data that was exfiltrated from GoTo really is alarming.
