LastPass parent company admits that some customer data was stolen in an unauthorized access incident



In November 2022, GoTo, the parent company of the password management tool 'LastPass', discovered unauthorized access to cloud storage that held encrypted backups of customer data. It has now announced that some customer data, including data for LogMeIn Central and LogMeIn Pro, was also stolen in that incident.

Our Response to a Recent Security Incident - GoTo
https://www.goto.com/blog/our-response-to-a-recent-security-incident

GoTo says hackers stole customers' backups and encryption keys
https://www.bleepingcomputer.com/news/security/goto-says-hackers-stole-customers-backups-and-encryption-key/

It all started in August 2022, when attackers obtained part of the LastPass source code and proprietary technical information through a compromised developer account.

The source code of the password management application 'LastPass' has been stolen - GIGAZINE



Then, at the end of November 2022, attackers used information obtained in the August incident to break into a third-party cloud storage service where encrypted backups of GoTo and LastPass customer data were stored, and it turned out that they had successfully accessed 'certain elements' of that customer data.

It turns out that a hacker accessed customer data using the source code stolen from the password management application 'LastPass' - GIGAZINE



The impact on customer data was not yet known when the cloud storage breach was discovered, and GoTo was investigating with the help of cybersecurity firm Mandiant.

When the unauthorized access was discovered, LastPass CEO Karim Toubba announced, "There is no evidence that your LastPass password has been stolen, and your password remains securely encrypted with our zero-knowledge proof technology." However, at the end of December 2022, it was revealed that unauthorized access to LastPass customer data had in fact occurred.

It turns out that passwords and personal information of users of the password management application 'LastPass' were stolen - GIGAZINE



Further investigation revealed that customer data backups related to LogMeIn Central and LogMeIn Pro, the online conferencing software join.me, the P2P VPN tool Hamachi, and the remote access tool RemotelyAnywhere were also stolen. The impact varies by product, but the stolen data includes account user names, salted and hashed passwords, email addresses, phone numbers, billing addresses, and the last four digits of credit card numbers. Depending on the product, it may also contain other personal information, some multi-factor authentication settings, and product settings and license information.

GoTo says it is contacting affected users directly, resetting their passwords, and requiring them to re-authorize their multi-factor authentication settings.

Below is the security incident notification that GoTo actually sent to users. GoTo said it has found no evidence that the attackers accessed its production systems, and that because its products use TLS 1.2 encryption and P2P technology, the incident is unlikely to affect clients.



GoTo CEO Paddy Srinivasan clarified that the incident was still under investigation, saying, "We will continue to strive to complete the investigation quickly, so we appreciate your understanding."

in Software, Web Service, Security, Posted by log1i_yk