By Guest Blogger Elmer Robinson, Rocky Mountain Cybersecurity
LastPass Owner GoTo Gives Update On Latest Security Breach
We previously discussed the LasPass breach in our BLOG post here; but the owners of LastPass have released a new statement on the incident. GoTo says:
“Our investigation to date has determined that a threat actor exfiltrated encrypted backups from a third-party cloud storage service related to the following products: Central, Pro, join.me, Hamachi, and RemotelyAnywhere. We also have evidence that a threat actor exfiltrated an encryption key for a portion of the encrypted backups. The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings, as well as some product settings and licensing information. In addition, while Rescue and GoToMyPC encrypted databases were not exfiltrated, MFA settings of a small subset of their customers were impacted.”
This represents yet another dramatic escalation of the scale and scope of these events, which affects more products and users with each new announcement.
For the full blog including recommendations from Rocky Mountain Cybersecurity, check out: https://rmcybersecurity.com/