GoTo (formerly LogMeIn) Suffers Data Breach

Breach News
Written By Lee Vaniderstine

Company: GoTo (formerly LogMeIn)
Exploit: Data Breach
Industry: Enterprise software
Sources: https://www.goto.com/blog/our-response-to-a-recent-security-incident

GoTo, formerly known as LogMeIn, has suffered a data breach that impacted a number of its products. The breach took place in November 2022 and targeted a third-party cloud storage service that GoTo used. According to the company, the products impacted by the breach included Central, Pro, join.me, Hamachi, and RemotelyAnywhere. The stolen information included account usernames, salted and hashed passwords, a portion of multi-factor authentication settings, as well as some product settings and licensing information.

Although the company has not disclosed the exact number of users affected by the breach, it has stated that it is directly reaching out to the impacted individuals to provide additional information and recommendations for securing their accounts. As a result of the breach, GoTo has reset the passwords of affected users and is requiring them to reauthorize their multi-factor authentication settings. The company has also announced that it is migrating its accounts to a new identity management platform that promises to offer more robust security.

It is important to note that GoTo does not store full credit card information, and does not collect personal information such as dates of birth, addresses, and Social Security numbers. The breach was announced nearly two months after GoTo and LastPass reported unusual activity within a third-party cloud storage service that the two platforms share. LastPass also suffered a breach in December 2022 that saw the theft of a large amount of customer data, including encrypted password vaults.

The obtained information from the LastPass breach was used to target another employee, allowing the adversary to obtain credentials and keys that were used to access and decrypt storage volumes within the cloud-based storage service. The recent data breaches highlight the importance of choosing cloud storage providers carefully and implementing robust security measures to protect sensitive information. IT professionals should stay informed and take necessary steps to secure their data and systems from similar incidents.

Lee Vaniderstine
Previous

Zacks Investment Research Confirms Data Breach Affecting 280,000 Customers
Next

Vulnerability in Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Exposed to Remote Command Execution