“Based on the investigation to date, we have detected unusual activity within our development environment and third-party cloud storage service. “Upon learning of the incident, we immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement,” GoTo CEO Paddy Srinivasan said in his update. And during that time, the malicious actors managed to steal some of the source code along with technical information.īoth firms have engaged third party services to deal with the situation. In September, the firm revealed cybercriminals had gained access to their network for four consecutive days.
LastPass initially suffered a security breach in August 2022, and cybercriminals likely used this information in this latest attack. According to the LastPass mother company, LastPass is used by over 30 million people and 85,000 businesses worldwide. This decision came due to the credential managers’ popularity, especially given the big number of security breaches facing individuals and business owners. Shortly thereafter, LastPass was launched as a standalone company. In 2021 the Hungary-based company announced that LastPass will no longer be a product under the GoTo suite of offerings. GoTo is an IT communications toolkit and cloud provider for business owners offering VOIP, video conferencing, and remote support. What We Know about the GoTo & LastPass Security Breach GoTo, however, made no mention of a compromise of customer records in its initial communications. Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture,” LastPass CEO Karim Toubba said in the company update. “We have determined that an unauthorized party… was able to gain access to certain elements of our customers’ information. LastPass is a subsidiary of GoTo (formerly LogMein), and both share the same cloud storage facilities. GoTo and LastPass have issued formal security breach notifications, suggesting that cybercriminals have gained access to their development environment and cloud storage facilities. Cybercriminals successfully penetrated a cloud provider, but did not have the keys or codes to the secured files.
0 kommentar(er)
