“The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings, as well as some product settings and licensing information,” Srinivasan said about the GoTo security breach. Moreover, the hackers downloaded an encryption key for a portion of the encrypted backups.
“Our investigation to date has determined that a threat actor exfiltrated encrypted backups from a third-party cloud storage service related to the following products: Central, Pro,, Hamachi, and RemotelyAnywhere,” the blog post reads. On Tuesday, GoTo CEO Paddy Srinivasan updated the announcement, detailing the massive breach that impacted other GoTo services. LastPass parent company GoTo also posted a notice about the security incident in November. LastPass disclosed the turn of events on the Thursday before Christmas. The hackers weaponized information from the August hack to steal LastPass data in November.
LastPass first disclosed the security breach in August 2022, expanding on the matter in November.
0 kommentar(er)
