The theft of LastPass’s encrypted password vaults had been previously reported, but the fact that the hack impacted multiple GoTo companies and products is a new development and greatly increases the total amount of potential damage.

Encrypted backups for an assortment of products stolen; encryption key granting access to “a portion” of these also lost

A variety of the company’s enterprise products are impacted including Central, Pro,, Hamachi, and RemotelyAnywhere. GoTo says that the stolen information varies by product, but encryption keys that were also taken in the hack will grant access to “a portion” of the encrypted backups that were stolen.

The attackers may have additionally accessed Central and Pro account usernames, salted and hashed passwords, some Multi-Factor Authentication (MFA) settings, and some product settings and licensing information. For Rescue and GoToMyPC customers, the MFA settings of a “small subset” of their customers may also have been exposed.

GoTo says that all stolen passwords were salted and hashed, but out of an abundance of caution it is contacting all impacted customers and asking them to change passwords. These accounts are also being migrated to an “enhanced Identity Management Platform” that the company says will provide additional login security and authentication options.

The lone bright spot in the breach is that the company does not store financial information or personal information such as Social Security numbers, so customer bank accounts and credit cards do not appear to be at risk. However, the incident will certainly leave many with questions (along with some angry observations) given that it took about two months for the company to follow up with more information about a breach this extensive that involved the theft of an encryption key and encrypted backups that could contain very sensitive information.

Questions remain about how much client data can be pulled from encrypted backups

While GoTo says that only some of the stolen data can be accessed via leaked encryption keys, it remains possible (as with the stolen LastPass password vaults) that the encrypted backups could be cracked at some point. The likelihood of this hinges on the type of encryption used, something that GoTo has not revealed to the public. The company says that its investigation into the incident continues.

There is valid reason for concern not only given the recent LastPass breach, but also that there was a considerable delay of the announcement of it to customers.