GoTo Confirms Hackers Stole Customer Account Information

GoTo, the company behind LastPass, has confirmed that hackers stole customer account information in an attack on November 2022.

Initially, Last Pass CEO, Karim Toubba, announced the breach, revealing that an unauthorized party stole some customers’ information from a third-party cloud service.

Two months later, GoTo released a statement saying the attack impacted several of its products, including its hosted VPN service Hamachi. Its tools for business communication, Central, meetings and team collaboration, Join.me, and remote access, Remotely Anywhere, are also affected.

Currently, GoTo has no evidence of the attack affecting any of its other products.

However, the company’s CEO, Paddy Srinivasan, confirmed that the perpetrators stole customers’ encrypted backups from all four services and the encryption key, securing all data.

Hackers exfiltrated information, such as usernames, passwords, and multi-factor authentication (MFA) settings. They also stole some product settings and licensing information.

The company is contacting affected customers

GoTO has 800,000 customers, including large enterprises, but Srinivasan didn’t share how many the breach impacted.

He said the company is reaching out to those affected, resetting their passwords, reauthorizing their MFA settings, and migrating their accounts onto a more secure Identity Management Platform.

Hackers only exfiltrated the data GoTo stores

In the statement, GoTo also reminded customers that it doesn’t store all credit card and bank details. The company said the same goes for personal information, such as birth date, home address, and Social Security numbers.

However, if you use any of these four GoTo services, it’s recommended to take extra precautions. For example, it’s always best to create a strong password and make sure you don’t use it on other accounts.

Here, at VPNCentral, we have a section dedicated to secure browsing that you can check out.