Customers backup and encryption keys amongst stolen credentials during LastPass hack

Share post:

GoTo Technologies, the parent company of password manager LastPass, has informed its customers that during a recent breach of its systems, hackers obtained encrypted backups and an encryption key to access some of them.

According to a blog post to customers, GoTo discovered that a threat actor exfiltrated encrypted backups from a third-party cloud storage service relating to the company’s Central, Pro, join.me, Hamachi, and RemotelyAnywhere products during an investigation into a “security incident” in November. “We also have evidence that a threat actor stole an encryption key for some of the encrypted backups,” the company added.

“The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings, as well as some product settings and licensing information,” GoTo added.

In addition, the hacker stole the multi-factor authentication settings for a small number of GoTo Rescue and GoToMyPC customers; both products allow clients to remotely access a computer online. The intruders also stole customers’ encrypted backups from these services, as well as the company’s encryption key for securing the data, according to GoTo.

In its statement, GoTo provided no guidance and did not specify how many users may have been affected.

The sources for this piece include an article in TechCrunch.

SUBSCRIBE NOW

Related articles

Hackers Plant False Memories in ChatGPT to Steal User Data

A security researcher has uncovered a vulnerability in ChatGPT that could allow hackers to store false information and...

“Octo2” Trojan Targets Bank Accounts by Posing as VPN or Chrome Apps on Android

A new malware variant called “Octo2” is spreading across Android devices by posing as popular apps like NordVPN...

Evilginx – Open source tool can bypass Multi-Factor Authentication (MFA)

Security vendor Abnormal Security is reporting a new cybersecurity tool that is gaining traction among cybercriminals. The tool,...

Kaspersky’s exit from US market frightens some customers

Kaspersky, the Russian cybersecurity firm, has unexpectedly removed its antivirus software from U.S. customers' computers, replacing it with...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways