GoTo Remote Work: Hackers steal backups and keys

B2B Cyber ​​Security ShortNews

Share post

The service provider GoTo for remote work - formerly LogMeIn - reports a hack on customer data and access to encrypted backups including keys that were stored on a cloud server. It probably also contained passwords, names, e-mails and more.

Back in November there was a hacker attack on the cloud section of the online password service LastPass. This is a subsidiary of GoTo, which uses third-party cloud storage. Apparently GoTo data and backups were also accessed there, as the company had to admit almost 2 months later. The first GoTo message in November only mentioned that a security incident was being investigated.

Encrypted backups and keys gone

GoTo had informed its users about the incident briefly and without content, but then probably didn't say anything more. In a recent report, the damage now sounds completely different and much more serious. GoTo now writes about the November 2022 hack: “Our investigation so far has revealed that an attacker exfiltrated encrypted backups from a third-party cloud storage service in connection with the following products: Central, Pro,, Hamachi and RemotelyAnywhere.

We also have evidence that an attacker exfiltrated an encryption key for some of the encrypted backups. Affected information, which varies by product, may include account usernames, salted and hashed passwords, some Multi-Factor Authentication (MFA) settings, and some product settings and license information. Additionally, although the databases encrypted with Rescue and GoToMyPC were not exfiltrated, the MFA settings of a small subset of their customers were affected. At this time, we have no evidence of an exfiltration affecting any GoTo products other than those listed above, or any of GoTo's production systems."

Hack: GoTo customers should be informed directly

The company now wants to inform all affected customers directly, because the reference to the hack and the detailed update can only be found on its website under the succinct heading “Our reaction to a recent security incident”. GoTo further states “While all account passwords have been salted and hashed in accordance with best practices, as a precautionary measure we will also reset affected users' passwords and/or reauthorize MFA settings where appropriate. Additionally, we are migrating their accounts to an advanced identity management platform that provides additional security with more robust authentication and login-based security options.”


More at


Matching articles on the topic

Cyber ​​danger Raspberry Robin

A leading provider of an AI-powered, cloud-delivered cybersecurity platform warns about Raspberry Robin. The malware was first released in the year ➡ Read more

New scam Deep Fake Boss

Unlike classic scams such as the email-based boss scam, the Deep Fake Boss method uses high-tech manipulation ➡ Read more

Classification of the LockBit breakup

European and American law enforcement authorities have managed to arrest two members of the notorious LockBit group. This important strike against the ransomware group ➡ Read more

The Bumblebee malware is back

The Bumblebee malware is being used again by cybercriminals after an absence of several months. IT security experts were recently able to identify an email campaign that used the brand ➡ Read more

Microsoft Defender can be tricked

Microsoft's antivirus program Defender contains a component that is intended to detect and prevent the execution of malicious code using Rundll32.exe. This ➡ Read more

Ransomware attack on IT service providers

A data center owned by the Finnish IT service provider Tietoevry located in Sweden was recently attacked with ransomware. Numerous companies, authorities and universities are ➡ Read more

Threat potential from state actors

The extent of the current threat situation is illustrated by a cyber attack that recently occurred in Ukraine. According to the state ➡ Read more

Critical vulnerabilities at Fortinet

The Federal Office for Information Security (BSI) warns of a security gap in several versions of the Fortinet operating system FortiOS, for example ➡ Read more