Hackers breached GoTo and LastPass, according to a recent post on the company’s website. The former is the popular remote access program and the latter is a popular password manager.
How Did Hackers Breach GoTo And LastPass?
The company is being tight-lipped about how the hackers breached GoTo and LastPass. Its post says: “Based on the investigation to date, we have detected unusual activity within our development environment and third-party cloud storage service.” That “unusual activity” prompted the company to investigate, and that is when it discovered the security incident. The company then “engaged Mandiant, a leading security firm, and alerted law enforcement.” Finally, the company sent emails to affected customers about the breach.
Unfortunately, the hackers accessed customer data for LastPass in the third-party cloud storage service according to Bleeping Computer. However, customers’ passwords “have not been compromised” and “remain safely encrypted due to LastPass’s Zero Knowledge architecture.” So that’s good news. Yet, I would change the LastPass master password or passphrase just in case. You can never be too careful.
According to the Bleeping Computer article, this is the second breach in a year for LastPass. So it appears the company didn’t learn from the first hack how to secure its data. Or the company didn’t implement enough security measures over its servers and storage systems, in addition to retraining its employees to detect phishing emails and alert IT Security to them.
What Can Customers Do To Protect Themselves?
The first step customers can take is to change all their passwords for their GoTo apps and LastPass accounts. That’s a given for any security breach, even if the company states the bad actors weren’t able to steal and/or access passwords.
Second, customers should try to stay abreast of what’s going on with applications and/or programs they’re using. Read emails that come in instead of ignoring them. That way if there is a security incident those individuals can take action to protect themselves and their users.
Finally, some customers may need to reconsider using GoTo and/or LastPass, especially since the latter had two breaches this year. I understand replacing software is difficult because people are used to using it and don’t want to learn a new process. Yet, if a company isn’t taking the right steps to protect customer data then that company doesn’t deserve any business.