GoTo, Parent Company of LastPass, Faces Data Breach with Compromised Customer Backups

GoTo, Formerly LogMeIn, Reports Data Breach Affecting User Data

GoTo, the parent company of LastPass and formerly known as LogMeIn, disclosed on Tuesday a significant data breach involving the theft of encrypted backups of customer information. This incident, which occurred in November 2022, involved unauthorized actors accessing data from a third-party cloud storage service utilized by the company.

The breach specifically affected multiple GoTo products, including Central, Pro, join.me, Hamachi, and RemotelyAnywhere. According to GoTo’s Chief Operating Officer, Paddy Srinivasan, the compromised data varies by product and could include account usernames, salted and hashed passwords, and a portion of multi-factor authentication (MFA) settings, along with some product configurations and licensing details.

While MFA settings for a subset of Rescue and GoToMyPC customers were impacted, GoTo emphasized that there is no evidence that the encrypted databases for these services were actually exfiltrated. The company has not publicly disclosed the number of users affected but has committed to directly notifying the impacted individuals with further details and recommended actions to secure their accounts.

In response to the breach, GoTo has proactively reset the passwords of affected users and required them to reauthorize their MFA settings. The company is also migrating these accounts to a more advanced identity management platform that is purported to enhance security. GoTo has reassured its users that it does not store full credit card details or sensitive personal information such as Social Security numbers and addresses.

This revelation comes almost two months after GoTo and LastPass reported “unusual activity within a third-party cloud storage service” shared by both platforms. In a related incident, LastPass revealed that an earlier breach in August had allowed threat actors to infiltrate its systems, using stolen information to target additional employees and gain access to sensitive storage volumes.

For businesses, this breach underscores the need for rigorous security protocols, including audit trails and continuous monitoring for unusual access patterns. Viewed through the MITRE ATT&CK framework, the incident suggests potential initial access vectors such as compromised credentials or exploitation of third-party services. Tactics like persistence and privilege escalation may have been leveraged to maintain access and extract sensitive information.

As data breaches continue to pose significant risks to organizations, they must remain vigilant and informed, employing robust security strategies to safeguard both their assets and customer trust. In a landscape where cyber threats are ever-evolving, staying proactive in cybersecurity measures is not just advisable; it is essential.
