Hackers didn’t just gain access to LastPass data

Almost a month after the incident was reported, in December last year, LastPass announced that after the November break-in, unauthorized attackers could virtually enter and exit the system during a hacker attack on one of the company’s cloud storage facilities operated by a third party. The world’s most popular password management provider has essentially admitted that hackers had access to all user data in existence – encrypted and unencrypted.

LastPass CEO Karim Toubba said at the time that the unauthorized party also had access to customer information stored on a third-party cloud service shared by LastPass and GoTo.

Recently updated in a blog post GoTo writes that the leak affects several of the company’s products and customers, including the Central communications tool, the online meetings Join.me, the virtual private network Hamachi, the Remotely Anywhere remote access tool, and the Pro service.

The intruders obtained encrypted backup copies of the affected customers of the services, as well as encryption keys for some of them. The information obtained varies by product and may include account usernames, salted passwords or hashes, multi-factor authentication (MFA) settings, or even license information for certain products. In the case of Rescue and GoToMyPC, the databases could not be accessed, but the MFA settings information for some customers was.

According to GoTo, the company does not store sensitive information such as customers’ credit card or bank card details, date of birth, address, or social security numbers – this contrasts with the leak affecting LastPass, during which the attackers had access to the contents of the encrypted password storage, names , e-mail addresses and certain billing information were also accessed.

GoTo has not yet announced how many of its nearly 800,000 customers were affected by the incident, the company will soon contact them directly and continue investigating the matter.


Source: HWSW Informatikai Hírmagazin by www.hwsw.hu.

*The article has been translated based on the content of HWSW Informatikai Hírmagazin by www.hwsw.hu. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!