GoTo, a company that provides software, said on Monday, January 23, that a hacker had stolen encrypted backups for its Central, Pro, Join.me, and Hamachi services. RemotelyAnywhere was also affected.
Worse still, the business discovered evidence that the attacker stole an encryption key for a portion of the encrypted backups. This makes the situation much more dire. The only logical conclusion to draw from this is that decrypting this backup files would disclose private customer information.
According to GoTo, the data that might have been compromised include usernames associated with accounts, passwords that have been salted and hashed, some Multi-Factor Authentication (MFA) settings, as well as certain application settings and licensing information.
Both GoTo Rescue and GoToMyPC provide customers with the ability to access a computer remotely through the internet. The malicious hacker was successful in obtaining the MFA settings for a portion of those users.
The problem started when a malicious actor obtained access to a cloud storage provider that both LastPass and GoTo make use of. GoTo was the company that was hacked first.
Because the security breach at LastPass was so serious, the company was forced to hand over to the hacker not just customers’ data encryption vaults but also a vast quantity of additional exposed personal information pertaining to users.
The data stored in LastPass vaults is encrypted; nonetheless, if a hacker were to gain the vault master passwords, it is possible that the data might be decoded. There are two ways that you may achieve this objective: either by human guessing or through the use of automated tools.
GoTo has not yet announced the potentially large size of the user base that would be affected by this issue. Nevertheless, according to the business’s statement from the previous year, they had 800 000 customers. Products like Goto Central and Pro are designed to provide IT staff the ability to oversee their operations from a remote location. Hamachi is a hosted virtual private network (VPN) service, while Join.me is an online meeting facilitator.
As a result of the incident, customer accounts that utilize GoTo products can be more susceptible to being attacked. It should come as no surprise that those who depend on GoTo’s remote access software would find this to be quite upsetting news. As a result of this, the business has provided affected users with new passwords and introduced multi-factor authentication (MFA).
The company makes direct human contact with customers who have expressed concern in order to provide further information, as well as to suggest potential solutions to the problems.
According to the company’s statement, “In addition, we are migrating their accounts onto an enhanced Identity Management Platform,” which will provide additional security with more robust authentication and login-based security options. “In addition, we are migrating their accounts onto an enhanced Identity Management Platform,”
Due to the fact that GoTo does not collect data such as dates of birth, home addresses, or Social Security numbers, the company has said that the data breach did not result in the loss or theft of any sensitive information. Despite this, it is possible that consumers would lose trust in the company as a result of the hacking event.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.