IT management software firm GoTo on Tuesday said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach that also affected its LastPass affiliate.
GoTo chief executive Paddy Srinivasan confirmed the security breach was far worse than originally reported and included the theft of account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings, as well as some product settings and licensing information.
In a notice posted online, Srinivasan the encrypted backups were related to multiple GoTo-owned software products:
“Our investigation to date has determined that a threat actor exfiltrated encrypted backups from a third-party cloud storage service related to the following products: Central, Pro, join.me, Hamachi, and RemotelyAnywhere.
We also have evidence that a threat actor exfiltrated an encryption key for a portion of the encrypted backups. The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings, as well as some product settings and licensing information.
In addition, while Rescue and GoToMyPC encrypted databases were not exfiltrated, MFA settings of a small subset of their customers were impacted.”
Srinivasan said the company has no evidence of exfiltration affecting any other GoTo products or any of GoTo’s production systems.
Even though all account passwords were salted and hashed in accordance with best practices, Srinivasan said GoTo plans to reset the passwords of affected users and/or reauthorize MFA settings where applicable.
“In addition, we are migrating their accounts onto an enhanced Identity Management Platform, which will provide additional security with more robust auth ..
Support the originator by clicking the read the rest link below.
