In this age of technology the cloud is under attack and GoTo security incident is the latest breach which also caused LastPass data breach. This is concerning because LastPass is a password management software that is used commonly worldwide.
GoTo, formerly LogMeIn Inc., is a flexible-work provider of software as a service (SaaS) and cloud-based remote work tools for collaboration and IT management, with products such as GoTo Connect, GoTo Resolve, Rescue, Central, and more, designed for small and midsized business IT departments but powerful enough for enterprise use. The firm was created in 2003 and is headquartered in Boston, Massachusetts. On February 2, 2022, it renamed from LogMeIn to GoTo. They just suffered a security breach.
Customers notified about GoTo security incident
GoTo, a remote access and collaboration startup, said yesterday that they had a security compromise in which threat actors obtained access to their development environment and a third-party cloud storage provider. The company began emailing customers Wednesday afternoon, informing them that they have begun investigating the GoTo security incident with the assistance of Mandiant and has notified law enforcement. According to the organization, they discovered the event after seeing strange behavior in their development environment and third-party cloud storage provider. According to an email from GoTo CEO Paddy Srinivasan:
“Upon learning of the incident, we immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement. Based on the investigation to date, we have detected unusual activity within our development environment and third-party cloud storage service. The third-party cloud storage service is currently shared by both GoTo and its affiliate, LastPass.”
This issue also affected GoTo subsidiary LastPass, which revealed yesterday that threat actors gained access to client data via the same cloud storage breach. According to GoTo, the event had no impact on their products or services, and they are still fully operational. Furthermore, they have said that they have implemented “enhanced security measures and monitoring capabilities” in the aftermath of the incident. LastPass also reported that during an August breach in which threat actors obtained source code, hackers had access to their internal network for four days.
GoTo was partially responsible for LastPass data breach
According to LastPass, unknown attackers hacked its cloud storage using data acquired from a prior security incident in August 2022. The threat actors were also able to access client data saved in the hacked storage service, according to the organization. “We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo,” the business explained. “We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information.”
Lastpass says it engaged security company Mandiant to examine the issue and contacted law enforcement. It also stated that users’ credentials have not been hacked and “remain safely encrypted due to LastPass’s Zero Knowledge architecture.” LastPass further stated, “We are working diligently to understand the scope of the incident and identify what specific information has been accessed.” This is Lastpass’s second security problem this year, following the confirmation in August that the company’s developer environment was accessed via a compromised developer account.
Lastpass said the attackers acquired source code and confidential technical information from its systems in emails addressed to customers at the time. In a subsequent update, the business disclosed that the attackers responsible for the August security breach had internal access to its systems for four days before being removed. LastPass is the company behind one of the most popular password management software, which claims to be used by over 33 million users and 100,000 organizations.
With cloud storage services being used so commonly in the modern world, GoTo security incident and LastPass data breach are great examples on the importance of data security. If you enjoyed this article and want to read more on latest security issues and data leaks, we suggest that you also check out Facebook data breach 2022: 1M+ users affected, or Equifax data breach settlement 2022: The amount and more.