The cybersecurity breach that LastPass owner GoTo reported in November 2022 keeps getting worse as new details are revealed, calling into question the company’s transparency on this serious issue.
It has been two months since GoTo shared the alarming news that hackers stole the usernames, passwords, email addresses, phone numbers, IP addresses, and even billing information of LastPass users. In GoTo’s latest blog update, the company reported that several of its other products were compromised as well.
GoTo’s Central, Pro, join.me, Hamachi, and RemotelyAnywhere were all hacked and the encrypted databases with account usernames, salted and hashed passwords, Multi-Factor Authentication (MFA) settings, some product settings, and licensing information were accessed by hackers. Even if you don’t use LastPass, you might have made use of these services so this expands the number of people affected by the cyberattack.
While the databases were encrypted, the encryption key was also stolen, making it a simple matter for anyone with the key to read all of this information. That provides plenty of fodder for future cybersecurity attacks in order to gain further access to the valuable personal and financial data of the users of these services.
Rescue and GoToMyPC encrypted databases were not affected, but the MFA settings of some customers were impacted. The only good news that GoTo shared in its latest update is a reminder that GoTo doesn’t store full credit card and bank details, date of birth, home address, or Social Security numbers. Even if your data is in the hands of hackers, they won’t be able to immediately drain your bank account or run up a big credit card bill.
That said, every little addition to hacker profiles makes it easier to gain access to critical data to unlock your most important accounts and steal your data and money. If you use any of the GoTo products and services mentioned above, it’s a good idea to take the time to change passwords and switch on two-factor authentication to secure your accounts.