LastPass's parent company, GoTo, has recently suffered a data breach in which the encrypted backups of some of its customers' data were stolen, along with an encryption key for some of those backups. The incident occurred in November 2022 and targeted a third-party cloud storage service. The products impacted by the breach include Central, Pro, join.me, Hamachi, and RemotelyAnywhere.
According to GoTo, the affected information may include account usernames, salted and hashed passwords, a portion of multi-factor authentication (MFA) settings, as well as some product settings and licensing information. Additionally, MFA settings pertaining to a subset of its Rescue and GoToMyPC customers were also impacted, although there is no evidence that the encrypted databases associated with the two services were exfiltrated.
GoTo did not disclose the number of users affected by the breach, but stated that it is directly contacting the victims to provide additional information and recommend certain "actionable steps" to secure their accounts. The company has also taken steps to reset the passwords of affected users and is requiring them to reauthorize MFA settings. Furthermore, GoTo is migrating their accounts to an enhanced identity management platform that claims to offer more robust security.
This announcement comes nearly two months after both GoTo and LastPass disclosed "unusual activity within a third-party cloud storage service" that's shared by the two platforms. LastPass also revealed that in December 2021, the digital burglary leveraged information stolen from an earlier breach that took place in August, enabling the adversary to steal a large amount of customer data, including a backup of their encrypted password vaults.
It is important for organizations to regularly review and update their security protocols and to have a plan in place for responding to security incidents. Additionally, it is important to be cautious when it comes to opening attachments or clicking on links in emails, even if they appear to be from a trusted source.
