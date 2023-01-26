GoTo, the owner of LastPass (GoTo was formerly known as LogMeIn), revealed last Tuesday that unidentified cyber threat actors stole encrypted backups of some customers' data, together with an encryption key for a portion of those backups, in the November 2022 incident.

Before starting: what is LastPass, for the uninitiated

LastPass is a password manager: a site and app that stores your account passwords. According to the company itself, it is a virtual safe for your passwords, PINs and assorted serial numbers. The trouble is that if a site holding such a database is breached, the consequences are easy to imagine: account takeovers, because the attacker gains access to... your access data.

How did the theft happen?

The breach, which hit a third-party cloud storage service, affected the Central, Pro, join.me, Hamachi and RemotelyAnywhere products, GoTo said.

“Affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of your multi-factor authentication (MFA) settings, as well as some product settings and licensing information,” stated Paddy Srinivasan of GoTo.

In addition, the MFA settings of a subset of Rescue and GoToMyPC customers were also compromised (that is, accessed by the attackers), although there is no evidence that the encrypted databases associated with those two services were affected.

The company did not disclose how many users were affected, but said it was contacting victims of the hack directly to give them more information and recommend some “actionable steps” to protect their accounts.

GoTo also reset the passwords of affected users and required them to re-authorize their MFA settings; it added that it is migrating those accounts to an enhanced identity management platform that it says offers stronger security.

The business software supplier stressed that it does not store full credit card details and does not collect end-user personal information such as dates of birth, home addresses or Social Security numbers (in Italy the equivalent would be the tax code, which, admittedly, is not hard to generate with programs found on the web).

The announcement comes nearly two months after both GoTo and LastPass disclosed “unusual activity within a third-party cloud storage service” shared by the two platforms.

LastPass, in December 2022 (one month ago, as of the writing of this article), also revealed that the digital theft exploited information stolen in an earlier breach from August of the same year, which allowed the attacker (or attackers, since the perpetrators are unknown) to steal a large amount of customer data, including a backup of customers' encrypted password vaults.

“The information obtained was used to target another employee, obtaining credentials and keys which were used to access and decrypt some storage volumes within the cloud-based storage service,” LastPass stated.

If you use such a service and it got hacked, here's what you need to do

Needless to say, if you have been caught up in the LastPass database attack, the first thing to do is change the passwords one by one, every one you stored there so you would not forget it: none excluded!

Inevitably you will also need to change the one for the LastPass account itself.
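The reason every stored password has to go, not just the LastPass one, is that a stolen encrypted vault can be attacked offline: the thief derives candidate keys from guessed master passwords as fast as their own hardware allows, with no rate limit and no lockout. The following is an added illustration of that offline guessing, not code from the article or from LastPass; the PBKDF2 parameters, the salt, the wordlist and the "vault header" check are constructed assumptions, and real vault formats and iteration counts differ.

```python
import hashlib
import hmac

# Added example, not code from the article or from LastPass. The KDF parameters,
# salt and "vault header" check are assumptions chosen for illustration only.
ITERATIONS = 50_000                         # kept low so the demo finishes in seconds
VAULT_HEADER = b"encrypted-vault-header"    # constructed stand-in for vault plaintext
SALT = b"constructed-salt-16b"              # constructed; real salts are random per user


def derive_vault_key(master_password: str, salt: bytes = SALT,
                     iterations: int = ITERATIONS) -> bytes:
    """Stretch the master password into a 256-bit vault key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


def vault_verifier(master_password: str) -> bytes:
    """Stand-in for "does this key decrypt the vault?": an HMAC tag over a known header.

    Whoever holds the stolen backup can compute this check locally for every
    guess; the online service and its lockouts are not involved at all.
    """
    key = derive_vault_key(master_password)
    return hmac.new(key, VAULT_HEADER, "sha256").digest()


def offline_guess(verifier: bytes, candidates):
    """Try each candidate master password against the stolen verifier.

    Returns (recovered_password, attempts); recovered_password is None when
    every candidate fails.
    """
    attempts = 0
    for cand in candidates:
        attempts += 1
        if hmac.compare_digest(vault_verifier(cand), verifier):
            return cand, attempts
    return None, attempts


# Constructed wordlist: the kind of guesses an attacker tries first.
COMMON_GUESSES = [
    "123456", "password", "qwerty", "letmein", "Password1",
    "Password123", "welcome1", "lastpass2022",
]


def demo():
    """Run the same wordlist against a weak and a strong master password."""
    weak = vault_verifier("Password123")
    strong = vault_verifier("correct horse battery staple, but longer")
    return offline_guess(weak, COMMON_GUESSES), offline_guess(strong, COMMON_GUESSES)


if __name__ == "__main__":
    print(demo())
```

The weak master password falls on the sixth guess; the long passphrase survives the whole wordlist. Only the entropy of the master password and the cost of the KDF behind it decide how much time victims have to rotate their credentials before the vault contents are usable by the thief.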

Also make sure you have a copy on paper: on a sheet, in a notebook, in an address book, it does not matter, because a physical paper copy cannot be stolen over the network. It can still be lost, photographed or read by anyone with access to the room, so keep it somewhere locked rather than next to the keyboard.

If you are worried that someone will see the paper copy, you can instead keep an Excel sheet, a TXT document or whatever you prefer on an external medium such as an SD card or USB stick. Do not leave that file in clear text: a lost or borrowed stick would hand over every account at once, so encrypt the file (or the whole medium) with a strong passphrase before you store it.