GoTo has published an update on the incident, warning customers that attackers who hacked its development environment in November 2022 stole encrypted backups containing information about the client and the encryption key for part of this data.
GoTo provides a cloud platform for remote work, collaboration and communications, as well as solutions for remote IT management and technical support.
In November 2022, the company reported a breach in its development environment and cloud storage service used, among other things, by its subsidiary LastPass.
At that time, it was not possible to assess the impact on the client cluster promptly.
However, after involving Mandiant in the investigation, it became clear that the incident also affected GoTo customers.
According to the GoTo incident notification, as a result of the attack, the actor got to backups of Central and Pro products stored in a third-party cloud storage, which include: user names for accounts, account passwords (hashed), deployment and multi-factor authentication information, One-to-Many scenarios, licensing and purchase data.
Due to the theft of encryption keys, GoTo had to reset the Central and Pro passwords for the affected customers, as well as transfer their accounts to an advanced identity management platform.
The company does not disclose the type of encryption used for backups, also assuring that it is impossible to carry out MITM attacks on customers due to the presence of TLS 1.2 encryption and the use of peer-to-peer communication technologies.
GoTo noted that it still has no evidence that attackers gained access to its production systems.
The investigation of the incident is still ongoing, and GoTo has promised to report all important findings.