This should provide additional security, “more robust authentication and login-based security options. There is no evidence of any threat actor activity beyond the established timeline, Toubba said in the updated blog post. The company said the threat actor was inside its development system for four days and it contained the breach. In 2022, the password manager LastPass indicated being victim of a security breach multiple times, and unfortunately hackers obtained user information. Furthermore, the company is migrating customer accounts onto an enhanced Identity Management Platform. LastPass completed its investigation into the first incident with assistance from Mandiant. Out of an abundance of caution, GoTo will reset all passwords and reauthorize MFA settings. A Breach at LastPass Has Password Lessons for Us All - The New York Times Advertisement Tech Fix A Breach at LastPass Has Password Lessons for Us All The hacking of the password manager. GoTo is already contacting impacted customers with additional information and recommendations to secure their accounts. LastPass says cybercriminals breached its systems and stole part of its source code, but that no customer passwords were compromised in the incident. “In addition, while Rescue and GoToMyPC encrypted databases were not exfiltrated, MFA settings of a small subset of their customers were impacted.” In December 2021, LastPass members reported multiple attempted logins using correct master passwords from various. “The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings, as well as some product settings and licensing information,” Srinivasan said about the GoTo security breach. LastPass has already faced criticism for dubious security procedures. Moreover, the hackers downloaded an encryption key for a portion of the encrypted backups. “Our investigation to date has determined that a threat actor exfiltrated encrypted backups from a third-party cloud storage service related to the following products: Central, Pro,, Hamachi, and RemotelyAnywhere,” the blog post reads. On Tuesday, GoTo CEO Paddy Srinivasan updated the announcement, detailing the massive breach that impacted other GoTo services.
0 Comments
Leave a Reply. |