How are people feeling about the Security Incident? Do you feel comfortable to be using LogMeIn? Have you turned off LogMeIn until you have more information?

Agreed, but probably because they don't know enough. My problem is there is a lack of direction on what would be best for us users. I have removed all my computers from LogMeIn until I know more.

The problem is you admit to not knowing enough so I would be relying on a hunch that is was safe. There are no precautionary steps suggested either. Should all users change network passwords? If user's store credentials are those stored locally in their client or are they stored in your cloud? Should all users change LogMeIn passwords for precautionary reasons.LogMeIn Control Panel keeps a network connection open to those cloud based servers that might be compromised, so that is a security issue at my end that until I know more information I don't agree that your service is fully functional.

For anyone who hasn't seen it yet, I just received the following in an email from GoTo. I haven't totally digested it yet, but it sounds like password changes are being forced (which is most likely a good thing). Dear Customer, I am writing to update you on our ongoing investigation about the security incident we told you about in November 2022. Our investigation to date has determined that a threat actor exfiltrated encrypted backups related to Central and Pro from a third-party cloud storage facility. In addition, we have evidence that a threat actor also exfiltrated an encryption key for a portion of the encrypted data. However, as part of our security protocols, we salt and hash Central and Pro account passwords. This provides an additional layer of security within the encrypted backups. Recommended Actions Out of an abundance of caution, we are resetting your Central or Pro password. If you use Multi-Factor Authentication to sign into your account, you may be prompted to update your Multi-Factor Authentication settings during this process. As an additional step to protect you, your account will automatically be migrated to GoTo’s enhanced Identity Management Platform as part of your password reset. This platform provides additional security for your users with more robust authentication and login-based security options, including enhanced controls, stronger password requirements, and a Single Sign-On option to access multiple GoTo (formerly LogMeIn) products. Note: all users who have reset their password since December 12 have already migrated to the new platform and do not need to take this action. Additional guidance can be found here for Central and Pro. What information was affected The information in the affected backups include your Central and Pro account usernames and salted and hashed passwords. It also includes your deployment and provisioning information, One-To-Many scripts (Central only), some Multi-Factor Authentication information, licensing and purchasing data such as user emails, phone numbers, billing addresses, and the last four digits of credit card numbers (we do not store full credit card or bank details). Based on our investigation to date, we continue to believe that the threat actor did not have access to GoTo’s production systems. Furthermore, Central and Pro's peer-to-peer technology and end-to-end encryption provide security against interception and eavesdropping of data transferred during remote sessions. Your session data in transit is always protected by Transport Layer Security (TLS) 1.2. While the investigation is ongoing, we wanted to provide this important update to you, and recommend clear and actionable steps in response to what we have learned. We are committed to protecting you, your information, and the security of our products and will continue to update you. If you have any additional questions, please contact customer support. Paddy Srinivasan CEO, GoTo (formerly LogMeIn) (Minor edit made to include the resource links in the original email. Please note if you did not receive the email no action is required - GlennD)

We have locked down all of our accounts, which has caused a fair amount of issues within our workflow.Is there any official response that GoToMyPC was NOT affected? Not a "we don't see anything as of yet".

Agreed. It's like with flight delays - even if there is no news you should keep telling people that there is no news, so they know you are engaged and working on their behalf. Silence makes people fear the worst.

11/30/22 Security Incident

29 Replies

cvillard1
Active Contributor
3 years ago
Still no news? Man, its been like 3 weeks and not a peep officially that services were NOT affected. We still have our services shut down because we cannot determine anything from the initial response. I have since talked with Customer Care its crazy to me that no update has been given to the terrible initial communication.
cvillard
Regular Visitor
3 years ago
Yeah same here. Knowing either way would be good.
JoJoKopp
Active Contributor
3 years ago
I haven't seen an official response that GoToMyPC or LogMeIn Central/Pro was not affected?
cvillard
Regular Visitor
3 years ago
We have locked down all of our accounts, which has caused a fair amount of issues within our workflow.
Is there any official response that GoToMyPC was NOT affected? Not a "we don't see anything as of yet".
timmo08
Active Contributor
3 years ago
Agreed and, as per my separate post, we are unsure whether cloud-based recordings may have been compromised, in which case we have to inform all the participants.
JoJoKopp
Active Contributor
3 years ago
The problem is you admit to not knowing enough so I would be relying on a hunch that is was safe. There are no precautionary steps suggested either. Should all users change network passwords? If user's store credentials are those stored locally in their client or are they stored in your cloud? Should all users change LogMeIn passwords for precautionary reasons.
LogMeIn Control Panel keeps a network connection open to those cloud based servers that might be compromised, so that is a security issue at my end that until I know more information I don't agree that your service is fully functional.
GlennD
GoTo Manager
3 years ago
Hi,

We understand your concern, as our investigation is still ongoing we are limited on what details can be shared currently.

As soon as we learned of the incident we engaged Mandiant, a leading security firm to help with the investigation.

We continue to deploy enhanced security measures and monitoring capabilities across our infrastructure to help detect and prevent threat actor activity.

At this time, we have no evidence that our services are unsafe to utilize and security measures remain in place. Additionally, as part of our efforts, we continue to deploy enhanced security measures and monitoring capabilities across our infrastructure to help detect and prevent threat actor activity.
JoJoKopp
Active Contributor
3 years ago
Agreed, but probably because they don't know enough. My problem is there is a lack of direction on what would be best for us users. I have removed all my computers from LogMeIn until I know more.
timmo08
Active Contributor
3 years ago
Feels like there is a lack of information so far on how the software and storage may have been affected

Forum Discussion

11/30/22 Security Incident

29 Replies

Recent Discussions

LogMeIn Intune deployment prompting users for login on certain devices

macOS Sequoia 15.2 - LMI Run at Boot?

One2Many failures

Is LogMeIn FIPS-2 compliant?

Pre-Host Connection 2FA for Technicans