Goto (previously Logmein) is a cloud platform for remote access, joint work and communication. In November 2022, the company announced safety violations in its development environment and cloud storage service used by it and a subsidiary Lastpass.
At that time, the influence on customer data was not yet known, since the investigation of the incident had just begun. Now the investigation is in the intermediate stage. The information received makes it clear that the incident had a significant impact on Goto customers.
“Our investigation has established today that the attacker stole encrypted backups associated with Central and Pro from a third -party cloud storage. In addition, we have evidence that the attacker also abducted the encryption key for part of the encrypted data” – Representatives of the company reported.
Information in merged backups was as follows:
- users’ names for Central and Pro products accounts;
- passwords of Central and Pro products accounts;
- information about deployment and configuration;
- one scenarios -to-many (only for central);
- information on multifactorial authentication;