LastPass Owner GoTo Gives Update On Latest Security Breach
We previously discussed the LasPass breach in our BLOG post here; but the owners of LastPass have released a new statement on the incident. GoTo says:
“Our investigation to date has determined that a threat actor exfiltrated encrypted backups from a third-party cloud storage service related to the following products: Central, Pro, join.me, Hamachi, and RemotelyAnywhere. We also have evidence that a threat actor exfiltrated an encryption key for a portion of the encrypted backups. The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings, as well as some product settings and licensing information. In addition, while Rescue and GoToMyPC encrypted databases were not exfiltrated, MFA settings of a small subset of their customers were impacted.”
This represents yet another dramatic escalation of the scale and scope of these events, which affects more products and users with each new announcement.
What Should I Do?
We previously recommend moving to another password solution and abandoning LastPass as soon as possible. We also recommended changing all passwords, tokens and MFA settings that were stored in LastPass.
In addition, the threat actors obtained source code and system configuration data that would allow them to spin up their own infrastructure to capture end user traffic. It now seems clear that you should consider all GoTo systems and solutions as compromised. Rocky Mountain Cybersecurity recommends finding alternative solutions as soon as possible.
Check out our recent BLOG post, Recommended Best Practices To Reduce Cyber Supply Chain Risks for help on managing this growing risk.
At Rocky Mountain Cybersecurity we provide our clients with Bitwarden and are a Bitwarden partner; we would be happy to help you migrate to a more secure password solution today.
Contact Rocky Mountain Cybersecurity today! 307-288-0222 – info@rmcybersecurity.com
