Forum Discussion

Anon44870
New Member
2 years ago

Required Password change for some Central and Pro accounts

Did anyone have a notification that they are rolling out a new platform over Central Pro today? Caused loads of issues for remote workers requiring password updates 😞
  • CS_HelpDesk
    2 years ago

    Hi Anon44870,

    An email was sent from GoTo's CEO about this change. It reads:

    Dear Customer,

    I am writing to update you on our ongoing investigation about the security incident we told you about in November 2022.

    Our investigation to date has determined that a threat actor exfiltrated encrypted backups related to Central and Pro from a third-party cloud storage facility. In addition, we have evidence that a threat actor also exfiltrated an encryption key for a portion of the encrypted data. However, as part of our security protocols, we salt and hash Central and Pro account passwords. This provides an additional layer of security within the encrypted backups.

    Recommended Actions

    Out of an abundance of caution, we are resetting your Central or Pro password. If you use Multi-Factor Authentication to sign into your account, you may be prompted to update your Multi-Factor Authentication settings during this process.

    As an additional step to protect you, your account will automatically be migrated to GoTo’s enhanced Identity Management Platform as part of your password reset. This platform provides additional security for your users with more robust authentication and login-based security options, including enhanced controls, stronger password requirements, and a Single Sign-On option to access multiple GoTo (formerly LogMeIn) products. Note: all users who have reset their password since December 12 have already migrated to the new platform and do not need to take this action. Additional guidance can be found here for Central and Pro.

    What information was affected

    The information in the affected backups include your Central and Pro account usernames and salted and hashed passwords. It also includes your deployment and provisioning information, One-To-Many scripts (Central only), some Multi-Factor Authentication information, licensing and purchasing data such as user emails, phone numbers, billing addresses, and the last four digits of credit card numbers (we do not store full credit card or bank details).

    Based on our investigation to date, we continue to believe that the threat actor did not have access to GoTo’s production systems. Furthermore, Central and Pro's peer-to-peer technology and end-to-end encryption provide security against interception and eavesdropping of data transferred during remote sessions. Your session data in transit is always protected by Transport Layer Security (TLS) 1.2.

    While the investigation is ongoing, we wanted to provide this important update to you, and recommend clear and actionable steps in response to what we have learned. We are committed to protecting you, your information, and the security of our products and will continue to update you. If you have any additional questions, please contact customer support.

    Paddy Srinivasan
    CEO, GoTo (formerly LogMeIn)