LastPass-owner GoTo says hackers have taken customer data from other products – Times of India

LastPass owner GoTo has given an update on the November 2022 security incident wherein the remote collaboration and IT software company spotted an unusual activity within its development environment and third-party cloud storage service. It said that, along with LastPass consumer data, hackers were able to get hold of data from its other enterprise products.
A threat actor exfiltrated encrypted backups, which include account holders’ usernames and passwords, as well as an encryption key for a portion of the encrypted backups, the company said in a blog post. The third-party cloud storage service is shared by both GoTo and its affiliate, LastPass.
“Our investigation to date has determined that a threat actor exfiltrated encrypted backups from a third-party cloud storage service related to the following products: Central, Pro, join.me, Hamachi, and RemotelyAnywhere,” it said.

What data has been compromised?
GoTo says that the stolen information varies by product and may include account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings, as well as some product settings and licensing information.
“In addition, while Rescue and GoToMyPC encrypted databases were not exfiltrated, MFA settings of a small subset of their customers were impacted,” the CEO of the company noted.
The company is now contacting affected customers to provide additional information and recommend steps to secure their accounts. The company also says it will reset the passwords of affected users and/or reauthorise MFA settings where applicable. GoTo is also migrating its accounts onto an enhanced Identity Management Platform to offer more robust authentication and login-based security options.

LastPass hacking
The development comes almost a month after LastPass CEO said that a hacker copied customer data with the help of the cloud storage access key and dual storage container decryption keys.
“The threat actor copied information from a backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service,” he said.
Hackers also copied a backup of customer vault data from the encrypted storage container.
Soon after the incident, Computer Emergency Response Team (CERT-In) issued an advisory, warning Indian users that cybercriminals can undertake phishing attacks to compromise their accounts.