GoTo, a collaboration software and IT company that owns LastPass, announced that customer data was stolen from other company services along with password manager user credentials in a hack last year. The incident in which attackers managed to gain access to GoTo’s IT systems happened in November last year.
GoTo, formerly known as LogMeIn, made its first announcement since its discovery “unusual activity” in their IT systems on November 30, 2022. The hack reportedly compromised customer data for many GoTo enterprise products, including Central, joim.me, Hamachi, and RemotelyAnywhere.
The company said in a statement that the hackers “You stole encrypted backups from a third-party cloud storage” and received encryption keys to decrypt some of them about two months ago. The type of data stolen varies by product. User logins of the company’s services, hashed passwords, two-factor authentication data and software product settings and license information could fall into the hands of hackers. It is noted that the encrypted databases of GoToMyPC and Rescue clients did not fall into the hands of attackers, but some data on the use of two-factor authentication by a small part of users of these services was stolen.
According to the source, GoTo communicates directly with each customer whose data has been compromised as a result of the mentioned cybersecurity incident. In addition to reporting the incident, the company is making recommendations to mitigate the consequences of the leak. It is also known that the passwords of all accounts affected by the problem will be reset.