GoTo claims hackers have stolen encryption keys and backups of customers from them

GoTo, formerly LogMeIn, is warning its customers that innovators have stolen encrypted backups that contained customer data and an encryption key that allowed them to access a small portion of it.

GoTo is a cloud-based platform that allows remote collaboration and work, communication and remote IT management.

The company revealed in its development environment. It also disclosed LastPass’s cloud storage service that they used.

The impact of the breach on client data was not yet known. Mandiant, a cybersecurity firm, had begun an investigation into the incident.

GoTo customers were affected by the incident, according to internal investigations.

BleepingComputer received a from a reader. It stated that the attack targeted backups related to Central and Pro products tiers, which were stored in third-party cloud storage facilities.

The notice to customers states that “our investigation has concluded that a threat actor exfiltrated encrypted back-ups related to Central or Pro from a Third-Party Cloud Storage Facility.”

We also have evidence that an actor was able to steal the encryption key used for some of our encrypted data. As part of security protocols we salt and hash Central passwords. It adds an extra layer of security to the encrypted backups. GoTo

This information is found in the backups exfiltrated:

  • Usernames for Pro and Central accounts
  • Passwords for Pro and Central accounts (salted, hashed).
  • Provisioning and deployment information
  • Only: One-to Many scripts
  • Multi-factor authentication information
  • Purchase data, licensing, and billing information, such as email addresses, phone numbers and billing address.

GoTo has reacted to this situation by resetting Central and Pro passwords of impacted customers and automatically migrating accounts to GoTo’s enhanced Identity Management Platform.

The platform offers additional security features that make it more difficult to gain access to or take over accounts.

GoTo published . It stated that it will contact affected customers to provide more information and suggestions for taking steps to improve the security of their accounts.

Although the company did not disclose the encryption they used to backup, it is possible that the theft key could have been used to decrypt backups if the encryption was symmetrical, like AES.

According to the firm, there is no proof that intruders gained access to production systems. It also claims that client-safety measures such as man-in-the middle attacks and TLS 1.2 encryption are employed to protect against eavesdropping.

GoTo is continuing its investigation and promised to keep customers informed of any new developments.