Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
GoTo data breach overview:
- Who: GoTo, the parent company of LastPass, has warned customers a data breach in November led to the theft of encrypted customer backups and an encryption key for some of the exposed data.
- Why: GoTo attributed the data breach to a bad actor compromising its developmental environment and a cloud storage service used by LastPass and itself.
- Where: GoTo is used by consumers nationwide.
GoTo, the parent company of LastPass, has warned its customers a data breach it experienced in November 2022 led to the theft of encrypted customer backups and an encryption key for some held information.
The company disclosed the data breach in November, saying the breach compromised its development environment as well as a cloud storage service used by itself and LastPass, Bleeping Computer reported.
GoTo, with the assistance of cybersecurity firm Mandiant, has reportedly just begun conducting an investigation into the data breach.
So far, however, the internal investigation has revealed the breach seriously affected GoTo’s customer base, Bleeping Computer reported.
GoTo has said the data breach affected backups that were related to its Central and Pro product tiers and that were being stored in a third-party storage facility.
“Our investigation to date has determined that a threat actor exfiltrated encrypted backups related to Central and Pro from a third-party cloud storage facility,” GoTo said in a notice sent to its customers.
GoTo also informed its customers it had found evidence that a threat actor had been able to exfiltrate an encryption key that was used to protect a portion of the data that was exposed during the breach.
The company did reassure customers, however, that it “salt and hash Central and Pro account passwords,” in order to provide “an additional layer of security within the encrypted backups.”
Information possibly exposed during the data breach includes Central and Pro account usernames and passwords, deployment and provisioning information, one-to-many scripts from Central accounts and multifactor authentication information.
GoTo said personal customer information such as email addresses, phone numbers, billing addresses and the last four digits of customer credit card numbers could also have been compromised during the data breach.
The company said that, in response to the data breach, it has reset Central and Pro account passwords for those affected and is automatically migrating accounts to its enhanced Identity Management Platform.
A class action lawsuit was filed against LastPass earlier this month by a consumer claiming the company neglected cyber security measures before an August 2022 data breach.
Have you been impacted by a data breach? Let us know in the comments.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
2 thoughts onLastPass parent company GoTo suffers data breach
If there’s a LastPass lawsuit, count me in! I’ve used them for years and rely on them.
My computer has a bleeping issue too. I use Last Pass