Hackers Stole LastPass Parent Company's Encrypted Customer Back Ups, Encryption Key
Hackers demand $10 million for League of Legends source code, Massive wave of N. Korean phishing emails appeared last month, Chinese hackers targeted 12 S. Korean institutions, much more
LastPass’ parent company GoTo, formerly LogMeIn, has confirmed that cybercriminals stole customers’ encrypted backups and the company’s encryption key during a recent breach of its systems.
On November 30, LastPass chief executive Karim Toubba said an “unauthorized party” had accessed some customers’ information in a third-party cloud service shared by LastPass and GoT. Now, however, the company says the cyberattack impacted several of its products, including business communications tool Central; online meetings service Join.me; hosted VPN service Hamachi; and its Remotely Anywhere remote access tool.
GoTo said the intruders exfiltrated customers’ encrypted backups from these services and the company’s encryption key for securing the data. GoTo did not say how many customers are affected. The company has 800,000 customers, including enterprises. Despite the delay, GoTo provided no remediation guidance or advice for affected customers. (Carly Page / TechCrunch)
Keep reading with a 7-day free trial
Subscribe to Metacurity to keep reading this post and get 7 days of free access to the full post archives.