LastPass Owner GoTo Says Hackers Stole Customer Data Backups

1 min read

GoTo, the mum or dad firm of password administration service LastPass, has revealed that hackers stole some clients’ encrypted information throughout a safety breach in November.

The breach, which stemmed straight from one which occurred in August, allowed an “unauthorized occasion” to achieve entry to some clients’ info saved on a third-party cloud storage service shared by LastPass and mum or dad GoTo. Company information stolen in August that was then utilized in November to interrupt into one other LastPass database to seize unencrypted buyer information like names, electronic mail and billing addresses, cellphone numbers, and IP addresses. No unencrypted bank card information was uncovered, the corporate mentioned.

Now, GoTo says a few of its different enterprise merchandise have been affected by the hack, together with the theft of encrypted buyer backups — copies of information emergency restoration — for Central, Pro, be part, Hamachi and RemotelyAnywhere. The firm additionally mentioned it has proof that an encryption key used to safe the information for a few of its clients was additionally stolen.

“The affected info, which varies by product, might embrace account usernames, salted and hashed passwords, a portion of multi-factor authentication (MFA) settings, in addition to some product settings and licensing info,” GoTo CEO Paddy Srinivasan mentioned in a blog post update Monday. “In addition, whereas Rescue and GoToMyPC encrypted databases weren’t exfiltrated, MFA settings of a small subset of their clients had been impacted.”

Srinivasan additionally mentioned the corporate would not imagine another GoTo merchandise had been affected by the theft. GoTo did not point out what number of clients had been affected by theft however did say it is informing those that might have been impacted by the hack.

LastPass is designed to let folks securely generate and save passwords throughout their gadgets, retailer digital information, and share each with trusted contacts. But in late December, LastPass CEO Karim Toubba acknowledged that a safety incident the corporate first disclosed in August had finally paved the way in which for an unauthorized occasion to steal buyer account info and vault information.

GoTo did not instantly reply to a request for extra info.

Source link

Latest from Blog