Hackers apparently succeed in decrypting parts of the compromised backups. These also contained passwords of customers, which are, however, protected by salt and hash.
GoTo has now asked some users to reset their customer passwords as part of its ongoing investigation into the security incident reported in November. According to a report from BleepingComputer, GoTo Central and GoTo Pro customers are affected.
That’s according to an email that GoTo apparently sent to affected customers, which BleepingComputer has. According to the email, unauthorized persons not only had access to encrypted backups of Central and Pro subscribers, they also managed to read a key for part of the encrypted data. However, within the encrypted backups, the passwords for Central and Pro accounts are additionally protected by salt and hash, he said.
Hackers also capture personal information
Meanwhile, GoTo CEO Paddy Srinivasan described the password reset as a purely precautionary measure. Users who had set up a two-step login would also be prompted to update their multi-factor authentication settings.
According to GoTo, the encrypted backups contained usernames and salted and hashed passwords, as well as information about multi-factor authentication, license data, email addresses and phone numbers. The hackers also got their hands on billing addresses and the last four digits of credit card numbers, it said. However, the company continues to rule out the possibility that production systems were also compromised. It also said it was not possible to intercept data transmitted during a remote session.
In the November incident, cloud storage at a third-party provider was cracked. There, backups from a development environment were stored. GoTo shared the storage with LastPass, which admitted the loss of customer data earlier this year.