LastPass owner GoTo confirms data breach
LastPass’ parent company, GoTo, has confirmed the data breach. The company revealed that hackers stole customers’ encrypted backups during a recent breach of its systems. LastPass confirmed the breach on November 30. Now GoTo said in an updated statement that the cyberattack had affected several of its products, including business communications tool Central; online meeting service Join.me; hosted VPN service Hamachi and its Remotely Anywhere remote access tool.
LastPass owner GoTo confirms data breach – Hackers stole customer data backups
Last year, LastPass’ CEO said an “unauthorized party” had gained access to some customers’ information stored in a third-party cloud service. The attackers used information stolen in a previous breach of LastPass systems to further compromise the companies’ shared cloud data.
Now GoTo has also confirmed that the hackers stole customers’ encrypted backups of these services.
“The information involved, which varies by product, may include account usernames, salted and hashed passwords, some of multi-factor authentication (MFA) settings, as well as some product settings and licensing information,” said GoTo CEO Paddy Srinivasan. . “In addition, Rescue and GoToMyPC’s encrypted databases were not exfiltrated, but the MFA settings of a small subset of their customers were impacted.”
GoTo said the company does not store customer credit card or banking information or collect personal information, such as date of birth, home address or social security numbers. Rather, attackers stole the contents of customers’ encrypted password vaults, along with customers’ names, email addresses, phone numbers, and billing information.
GoTo did not say the number of affected customers. But it is worth noting that the company has 800,000 customers, including enterprises. However, the company is contacting affected customers directly and advising them to reset their password.
See also: MailChimp announces new breach after employees were hacked