Security News > 2023 > January > LastPass Parent Company GoTo Suffers Data Breach, Customers' Backups Compromised
LastPass-owner GoTo on Tuesday disclosed that unidentified threat actors were able to steal encrypted backups of some customers' data along with an encryption key for some of those backups in a November 2022 incident.
"The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of multi-factor Authentication settings, as well as some product settings and licensing information," GoTo's Paddy Srinivasan said.
MFA settings pertaining to a subset of its Rescue and GoToMyPC customers were impacted, although there is no evidence that the encrypted databases associated with the two services were exfiltrated.
The company did not disclose how many users were impacted, but said it's directly contacting the victims to provide additional information and recommend certain "Actionable steps" to secure their accounts.
The announcement comes nearly two months after both GoTo and LastPass disclosed "Unusual activity within a third-party cloud storage service" that's shared by the two platforms.
LastPass, in December 2022, also revealed that the digital burglary leveraged information stolen from an earlier breach that took place in August and enabled the adversary to steal a massive stash of customer data, including a backup of their encrypted password vaults.
News URL
https://thehackernews.com/2023/01/lastpass-parent-company-goto-suffers.html
Related news
- Dutch Police: ‘State actor’ likely behind recent data breach (source)
- Comcast and Truist Bank customers caught up in FBCS data breach (source)
- Internet Archive hacked, data breach impacts 31 million users (source)
- Internet Archive data breach, defacement, and DDoS: Users’ data compromised (source)
- Fidelity Investments says data breach affects over 77,000 people (source)
- Fidelity Data Breach Exposes Data of Over 77,000 Customers (source)
- USDoD hacker behind National Public Data breach arrested in Brazil (source)
- Tech giant Nidec confirms data breach following ransomware attack (source)
- Insurance admin Landmark says data breach impacts 800,000 people (source)
- Henry Schein discloses data breach a year after ransomware attack (source)