Last week, GoTo (LastPass’ parent company, victim of a recent horrific security breach) announced It was also hacked.

Here are some of GoTo’s remarks:

Previous investigations have shown that attackers have stolen encrypted backups from third-party cloud storage services associated with the following products: Central, Pro,, Hamachi, and RemotelyAnywhere.

Uruk. That’s not good. Losing your backup is probably just as bad as losing your password vault. But good to know the backup is encrypted…

There is also evidence that the attacker stole the encryption keys for some of the encrypted backups.

oh.So when I said the backup was encrypted, I actually meant it was encrypted but Can they be easily decrypted?

Saying the backup was encrypted is a bit like trying to claim that a locked box was locked if the key to the locked box was stolen at the same time as the box.

The information affected varies by product, but includes account usernames, salted and hashed passwords, some multi-factor authentication (MFA) settings, and some product settings and licensing information. There are cases. Additionally, although Rescue and GoToMyPC encrypted databases were not stolen, some customers’ MFA settings were affected.

GoTo appears to be forcing password resets for affected accounts and re-authenticating MFA settings “with great care”.

e-mailsign up for newsletter
Security news, advice and tips.

The breach appears to have occurred at a third-party cloud storage service used by both GoTo and the beleaguered LastPass.

While there will undoubtedly be questions as to whether GoTo properly configured the security of their cloud-based storage for backups, perhaps even more about how carefully they handled the encryption keys for these backups. question will arise.

Did you find this article interesting? Follow Graham Cluley on Twitter again Mastodon To read more about the exclusive content we post.

Graham Cluley is a veteran of the antivirus industry and has worked for many security companies since the early 1990s when he created the first version of Dr. Solomon’s Antivirus Toolkit for Windows. He is now an independent security he is an analyst and makes regular media appearances and lectures internationally on the topics of computer he security, hackers and online he privacy. Follow him on Twitter. @gcluleyfor Mastodon @[email protected]or drop him an email.



Register now for our membership to gain access to our elite training program and fast forward your career today!


Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Copyright ©️ All rights reserved. | Blue Training Academy Blog