Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security

GoTo Says Hackers Stole Customers' Backups and Encryption Key (bleepingcomputer.com) 27

GoTo (formerly LogMeIn) is warning customers that threat actors who breached its development environment in November 2022 stole encrypted backups containing customer information and an encryption key for a portion of that data. From a report: GoTo provides a platform for cloud-based remote working, collaboration, and communication, as well as remote IT management and technical support solutions. In November 2022, the company disclosed a security breach on its development environment and a cloud storage service used by both them and its affiliate, LastPass. At the time, the impact on the client data had yet to become known as the company's investigation into the incident with the help of cybersecurity firm Mandiant had just begun.

The internal investigation so far has revealed that the incident had a significant impact on GoTo's customers. According to a GoTo's security incident notification a reader shared with BleepingComputer, the attack affected backups relating to the Central and Pro product tiers stored in a third-party cloud storage facility. "Our investigation to date has determined that a threat actor exfiltrated encrypted backups related to Central and Pro from a third-party cloud storage facility," reads the notice to customers.

This discussion has been archived. No new comments can be posted.

GoTo Says Hackers Stole Customers' Backups and Encryption Key

Comments Filter:
  • Brilliant! (Score:5, Insightful)

    by sjames ( 1099 ) on Tuesday January 24, 2023 @11:53AM (#63235782) Homepage Journal

    So GoTo encrypted the backups (good) and then stored the decryption key WITH the backups (WHAT?!?)?

    See also, the safe combination is on a sticky note stuck to the safe...

    The house key is kept in the lock on the front door so I don't lose it!!

    • So GoTo encrypted the backups (good) and then stored the decryption key WITH the backups (WHAT?!?)?

      Exactly. They have no business even having the decryption key. If I lose my master password or recovery file then I simply lose all the passwords I stored in my browser. I don't store my bank password there anyway, ofc, because sense. I'm already trusting my browser not to leak that because I enter it into my browser occasionally in order to log into my bank...

      • by EvilSS ( 557649 )
        You are confused, as usual. The keys they are talking about are the keys for their database backups, not for user password vaults. From TFA:

        The information present in the exfiltrated backups includes the following:

        Central and Pro account usernames
        Central and Pro account passwords (salted and hashed)
        Deployment and provisioning information
        One-to-Many scripts (Central only)
        Multi-factor authentication information
        Licensing and purchasing data like emails, phone numbers, billing address, and last four digits of credit card numbers.

        The LastPass breach has already been covered and no, they did not have the keys to your password vault. This is for their other products.

    • This makes my brain hurt. When I do backups, the encryption key for the backups might be kept in a few places:

      * A printed out copy that goes into a waterproof case with dessicant, and that goes into a fire/burglary rated safe. This safe is separate from the tape safe, with a good combination lock on it.

      * The PAM.

      * A KeePass database in a VeraCrypt container which is stored in a secure, but accessible spot, with the master key stamped on a metal plate, which goes into a safe offsite. A BIP-39 24 word k

  • the writers for 24? "Threat actors exfiltrated..." the data? I guess it's better than "Ooooh, we fucked up bad", but still...
  • by Waffle Iron ( 339739 ) on Tuesday January 24, 2023 @12:18PM (#63235922)

    "Goto considered harmful"

  • It sounds like hackers had help from within the company.

  • by Ol Olsoc ( 1175323 ) on Tuesday January 24, 2023 @04:09PM (#63236964)
    Remember many years ago, when we were told the cloud was perfectly safe?

    Pepperidge Farm remembers.

  • Surprised I donâ(TM)t see this being asked, but why did they have customer data available through their development environment?
  • Good luck cancelling your GoTo account. Not only does their site not work for that, they auto renew and then remind you that you agreed to a full year.

Trap full -- please empty.

Working...