[ad_1]
GoTothe company that owns LastPass and formerly known as LogMeInconfirmed that the breach that took place last August led to the theft of encrypted backups of customers of other services provided by the company, not just password management.
It is a story that we had already had the opportunity to deal with recently and whose first public confirmation arrived on November 30th. Then the CEO of LastPass, Karim Toubba, said an unauthorized party had gained access to some customers’ information stored in a third-party cloud service shared by LastPass and GoTo. To access the cloud service, the attackers used information stolen in a previous LastPass systems breach in August.
GoTo, about two months after it happened, has now issued a communication by which it claims that the attack has impacted many of its products such as the corporate communication tool Centralthe online meeting service Join.meservice Hamachi vpn and the remote access tool Remotely Anywhere. Additionally, GoTo said the attackers stole customers’ encrypted backups from these services, along with the encryption key for data protection.
Paddy SrinivasanCEO of GoTo, said: “Affected information, depending on the product, may include account usernames, hashed and salted passwords, a portion of multi-factor authentication (MFA) settings, as well as some product settings and license information.In addition, the encrypted databases of
Rescue and GoToMyPC have not been exfiltrated, but the MFA settings of a small subset of their customers have been impacted.”
The CEO said GoTo is contacting affected customers directly (which, at this time, it’s unknown how many there may be) to advise them to reset their password and reset their MFA settings “as a precaution.”
.
[ad_2]
Source link
