GoTo Technologies, the parent company of password manager LastPass, has informed its customers that threat actors have obtained encrypted backups and an encryption key to access some of them.
A security incident occurred last November, and an investigation found that a threat actor exfiltrated encrypted backups from a third-party cloud storage service relating to the company’s Central, Pro, join.me, Hamachi and RemotelyAnywhere products.
The affected information may include account usernames, salted and hashed passwords, a portion of multifactor authentication settings, and some product settings and licensing information. Although noting that databases relating to its Rescue and GoToMyPC products were not affected, GoTo advises that the MFA settings of a small number of users of those products were affected.
GoTo is informing its affected customers and, although the stolen passwords are encrypted, is resetting account passwords out of caution.
In December 2022, LastPass, which is owned by GoTo, advised customers that a hacker had copied data from backups that contained customer account information. The same hacker also stole a copy of encrypted password vaults. Now LastPass’s parent company is posting that a hacker obtained an encryption key in what looks like a similar attack.
LastPass’s recent attack may not be related to the GoTo breach, but there is a lot of crossover in the timeline. LastPass offers to protect customer passwords but can’t provide adequate security to prevent attacks.