A recent GoTo data breach allowed actors to steal backups

January 27, 2023
GoTo Data Breach Stolen Backups Cloud Storage Cybercrime Fraud Prevention Customer Info

The GoTo remote access solutions and collaboration service provider revealed that a group of unidentified hackers conducted a data breach on their systems, stealing encrypted backups for some customers and an encryption key.

Some stolen backups are related to the cybercriminal incident against the company in November last year. The company said the breach impacted their products, such as RemotelyAnywhere, Pro, Central, and Hamachi, after the actors targeted their third-party cloud storage service.

A GoTo representative explained that the compromised info that varied from their products may have contained account usernames, salted and hashed passwords, MFA authentication settings, product settings, and licensing data.

In addition, the MFA settings pertained to a subset of its GoToMyPC and Rescue customers impacted by the attack. However, no evidence was found by researchers that the stolen encrypted databases were related to the two services.

 

GoTo has already notified its customers regarding the recent data breach issue.

 

The GoTo company did not reveal how many users were infected by the data breach attack. However, the company said they had already contacted the victims and provided additional details about the attack.

Furthermore, their security teams have also disseminated recommendations on how to secure their accounts.

The company has also started resetting the passwords of impacted users, which will require them to reauthorize their MFA settings. GoTo also explained that it would migrate its customers’ accounts to an enhanced identity management platform that offers a more secure environment.

Unfortunately, a GoTo security representative confirmed to the impacted users that the stolen backup does contain full credit card details and does not collect basic credentials such as dates of birth, Social Security numbers, and addresses.

This new issue happened nearly a couple of months after GoTo and LastPass announced that they had detected unusual activity within their third-party cloud storage. The attack that occurred last November has significantly compromised both companies and their customers.

As of now, LastPass have yet to find any unwanted activities within its infrastructure. However, they will be more cautious in with their actions as the actors that compromised GoTo knew how to exploit the data breach that occurred on the company last year.

About the author

Leave a Reply