The LastPass leak from last year keeps getting worse: users were affected after all

LastPass parent company GoTo has come forward with an official statement that — for the fourth or fifth time now — changes the impact that last year’s leak had. Ultimately, the impact is larger than we last reported, but it is limited to users for other GoTo products.

User data related to GoTo services like Hamachi, RemotelyAnywhere, Join.me, Central and Pro has been extracted. The info itself was stored on a server, where the LastPass user creds were being held too. While the info was encrypted, the attackers managed to steal the encryption key as well. Oops!

The affected information varies by product and isn’t equal across the board, but may include account names, passwords, MFA (Multi-Factor Authentication) settings, product settings and even product licenses. That’s a lot of information!

What is LastPass parent GoTo doing about the stolen user data?

Well, the right thing. They’ve started reaching out to affected customers with pointers as to what they can do to secure their accounts. They plan to offer additional help, if need be, but all affected customers have had their passwords reset immediately.

The good news is that at least nobody is getting robbed because of this, as GoTo doesn’t store payment info on their end. We can appreciate them being honest with their findings from this investigation, which has been going on pretty much since last August.

And, luckily, this doesn’t change the impact that the LastPass leak itself had. As such, no additional reason for concern has been uncovered by the investigation. Hopefully, all of this will blow over soon with no more shocking revelations.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.