The service provider GoTo for remote work - formerly LogMeIn - reports a hack on customer data and access to encrypted backups including keys that were stored on a cloud server. It probably also contained passwords, names, e-mails and more.
Back in November there was a hacker attack on the cloud section of the online password service LastPass. This is a subsidiary of GoTo, which uses third-party cloud storage. Apparently GoTo data and backups were also accessed there, as the company had to admit almost 2 months later. The first GoTo message in November only mentioned that a security incident was being investigated.
Encrypted backups and keys gone
GoTo had informed its users about the incident briefly and without content, but then probably didn't say anything more. In a recent report, the damage now sounds completely different and much more serious. GoTo now writes about the November 2022 hack: “Our investigation so far has revealed that an attacker exfiltrated encrypted backups from a third-party cloud storage service in connection with the following products: Central, Pro, join.me, Hamachi and RemotelyAnywhere.
We also have evidence that an attacker exfiltrated an encryption key for some of the encrypted backups. Affected information, which varies by product, may include account usernames, salted and hashed passwords, some Multi-Factor Authentication (MFA) settings, and some product settings and license information. Additionally, although the databases encrypted with Rescue and GoToMyPC were not exfiltrated, the MFA settings of a small subset of their customers were affected. At this time, we have no evidence of an exfiltration affecting any GoTo products other than those listed above, or any of GoTo's production systems."
Subscribe to our newsletter now
Read the best news from B2B CYBER SECURITY once a month
Expand for details on your consent
. You can unsubscribe from the newsletter at any time. You will find a corresponding link in the newsletter. After you have unsubscribed, your data will be deleted as soon as possible. Recovery is not possible. If you would like to receive the newsletter again, simply order it again. Do the same if you want to use a different email address for your newsletter. If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or only collected on a voluntary basis. We use newsletter service providers, which are described below, to process the newsletter.
This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter “CleverReach”). CleverReach is a service that can be used to organize and analyze the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter (e.g. email address) will be stored on the CleverReach servers in Germany or Ireland. Our newsletters sent with CleverReach enable us to analyze the behavior of the newsletter recipients. This can include It is analyzed how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analyzed whether a previously defined action (e.g. purchase of a product on this website) took place after clicking on the link in the newsletter. Further information on data analysis by CleverReach newsletter is available at: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/
. The data processing takes place on the basis of your consent (Art. 6 Para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation. If you do not want an analysis by CleverReach, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you have canceled the newsletter. Data stored by us for other purposes remain unaffected. After you have been removed from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You may object to the storage if your interests outweigh our legitimate interest.
We have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the personal data of our website visitors is only processed according to our instructions and in compliance with the GDPR.
Hack: GoTo customers should be informed directly
The company now wants to inform all affected customers directly, because the reference to the hack and the detailed update can only be found on its website under the succinct heading “Our reaction to a recent security incident”. GoTo further states “While all account passwords have been salted and hashed in accordance with best practices, as a precautionary measure we will also reset affected users' passwords and/or reauthorize MFA settings where appropriate. Additionally, we are migrating their accounts to an advanced identity management platform that provides additional security with more robust authentication and login-based security options.”
More at GoTo.com
Matching articles on the topic