LastPass’ parent company, GoTo, has confirmed that hackers who attacked the service managed to get hold of the encrypted backups of the users during the last security breach of their systems. This gap was confirmed by the company itself on November 30. So he LastPass CEO Karim Toubait only pointed out that unauthorized third parties had gained access to some of the information of some customers in a cloud service shared by LastPass and GoTo.
The attackers used information they had obtained in a previous breach of LastPass systems, in August of last year, to gain access to the systems. The hackers then gained access to the companies’ shared cloud data. GoTo then limited itself to pointing out that it was investigating the incident.
After the investigation period, the company has acknowledged that the attack affected several of its products. These include enterprise communications tool Central, online meeting service Join.me, hosted VPN service Hamachi, and remote access tool Remotely Anywhere.
Everything points to the fact that the attackers managed to extract the encrypted backup copies of these services, as well as the company’s encryption key, which secures the data. The GoTo CEO Paddy Srinivasan has commented that «The affected information, which varies by product, may include account names, encrypted passwords, a portion of multi-factor authentication (MFA) settings, and a portion of product settings and license information. Also, although they were unable to get hold of the encrypted databases of Rescue and GoToMyPC, the MFA settings of a small group of their customers have been affected.«.
Despite what happened, and the time it took to confirm the scope of the attack, GoTo has not offered any type of guide to solve the problems caused, nor advice to improve their security to affected customers. They have only ensured that they do not store bank or credit card details. Neither is personal information such as date of birth, residence address or Social Security numbers (in the case of US customers).
However, in the case of LastPass, the same is not the case, and the attackers managed to get hold of the contents of the encrypted password files, as well as customer names, email addresses, phone numbers, and billing information. .
GoTo has also not said how many of its customers have been affected. In total, they have 800,000, both companies and individuals. According to Shrinivasan, the company is contacting those affected directlywho are advised to change passwords and change their multi-factor authentication (MFA) settings out of an abundance of caution.
