At the end of last year, the password manager LastPass suffered an attack, which included obtaining data from user backups and was the subject of criticism from the competitor 1Password. New information from GoToowner of the app and other services, pointed out that more types of data were affected by the invasion.
According to a statement from the CEOChief executive officeror executive director.”>1 from the company, Paddy Srinivasana cracker was able to access encrypted backups stored on a third-party cloud service relating to the following services: the communications tool Central, Prothe video call service Join.me, Hamachi and the remote access utility RemotelyAnywhere.
In addition to backups, even a cryptographic key is among the data that the attacker had access to. Information such as parts of passwords(!), licensing data and a portion of multifactor authentication settings were also compromised, although backups of the services Rescue e GoToMyPC have been preserved — although some client authentications of these solutions have also been leaked.
The company also stated that it is contacting affected consumers, whose passwords and authentication settings should be changed. Everyone’s accounts are also being migrated to a new, more secure identity management system.
The number of people affected was not reported; GoTo has 800 thousand consumers, according to what was informed to the TechCrunch for Jen Mathews, director of public relations for the company. He “repeatedly” refused to answer further questions, leaving only the statement as official information.