Tuesday, January 24, 2023

GoTo: Hacker Exfiltrated Encryption Keys

GoTo, the remote access software developer which also owns the LastPass password service, said on Monday that a hacker not only stole backups from the company, but also an encryption key to those backups. According to GoTo, the "exfiltrated" information was related to its Central, Pro, join.me, Hamachi, and RemotelyAnywhere products, which might include account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings, as well as some product settings and licensing information. GoTo has operations in Santa Barbara, where several of its products--including GoToMyPC--were developed.