Forum Discussion
Hello,
Has the investigation been completed yet as it would relate to LogMeIn Central? Has GoTo commented on what they found in coordination with Mandiant, and what steps were taken accordingly (as it relates to Central)?
I did see the blog update on 12/22/22 for LastPass (link), but I think that really only discussed LastPass specifically. I am not currently a LastPass customer, but we are a longtime LogMeIn Central customer, and I was sent the email notification of the "security incident" on 11/30/22.
Thanks,
etb
For anyone who hasn't seen it yet, I just received the following in an email from GoTo. I haven't totally digested it yet, but it sounds like password changes are being forced (which is most likely a good thing).
Dear Customer,
I am writing to update you on our ongoing investigation about the security incident we told you about in November 2022.
Our investigation to date has determined that a threat actor exfiltrated encrypted backups related to Central and Pro from a third-party cloud storage facility. In addition, we have evidence that a threat actor also exfiltrated an encryption key for a portion of the encrypted data. However, as part of our security protocols, we salt and hash Central and Pro account passwords. This provides an additional layer of security within the encrypted backups.
Recommended Actions
Out of an abundance of caution, we are resetting your Central or Pro password. If you use Multi-Factor Authentication to sign into your account, you may be prompted to update your Multi-Factor Authentication settings during this process.
As an additional step to protect you, your account will automatically be migrated to GoTo’s enhanced Identity Management Platform as part of your password reset. This platform provides additional security for your users with more robust authentication and login-based security options, including enhanced controls, stronger password requirements, and a Single Sign-On option to access multiple GoTo (formerly LogMeIn) products. Note: all users who have reset their password since December 12 have already migrated to the new platform and do not need to take this action. Additional guidance can be found here for Central and Pro.
What information was affected
The information in the affected backups includes your Central and Pro account usernames and salted and hashed passwords. It also includes your deployment and provisioning information, One-To-Many scripts (Central only), some Multi-Factor Authentication information, licensing and purchasing data such as user emails, phone numbers, billing addresses, and the last four digits of credit card numbers (we do not store full credit card or bank details).
Based on our investigation to date, we continue to believe that the threat actor did not have access to GoTo’s production systems. Furthermore, Central and Pro's peer-to-peer technology and end-to-end encryption provide security against interception and eavesdropping of data transferred during remote sessions. Your session data in transit is always protected by Transport Layer Security (TLS) 1.2.
While the investigation is ongoing, we wanted to provide this important update to you, and recommend clear and actionable steps in response to what we have learned. We are committed to protecting you, your information, and the security of our products and will continue to update you. If you have any additional questions, please contact customer support.
Paddy Srinivasan
CEO, GoTo (formerly LogMeIn)
(Minor edit made to include the resource links in the original email. Please note: if you did not receive the email, no action is required. - GlennD)
- HappyHippo, 2 years ago, Contributor
Were the One2Many attached files also accessed (registry files, MSI, etc.)? We need to know this. Need further clarity please.
- GlennD, 2 years ago, GoTo Manager