Update as of Thursday, April 20, 2023
To All GoTo Customers,
We recently concluded our investigation into the security incident first shared with customers in November of 2022 regarding unauthorized activity in a third-party cloud storage environment. We eliminated the threat actor’s access to the environment and found no evidence of additional compromise or threat actor activity beyond what we previously disclosed as impacted in January. In addition, we concluded that GoTo Resolve, GoTo Connect, GoTo Meeting, GoTo Webinar, GoTo Contact Center, GoTo Assist, GoTo Training, and Grasshopper had no impact at all.
We are constantly enhancing our security measures and monitoring capabilities to protect our customers, including:
- Accelerated the migration of customer accounts onto our enhanced Identity Management Platform.
- Full analysis of existing controls and configurations, and necessary changes to further harden existing environments.
- Comprehensive reviews of and, where appropriate, enhancements to our encryption practices within our applications and backup infrastructure.
Thank you for your continued patience and understanding while we completed the investigation. We take our commitment to protect our customers very seriously and will continue to undertake efforts to ensure our services and infrastructure remain secure and are designed to detect and prevent future threats.
Paddy Srinivasan
CEO, GoTo
Update as of Monday, January 23, 2023
To All GoTo Customers,
I am writing to update you on our ongoing investigation about the security incident we told you about in November 2022.
Our investigation to date has determined that a threat actor exfiltrated encrypted backups from a third-party cloud storage service related to the following products: Central, Pro, join.me, Hamachi, and RemotelyAnywhere. We also have evidence that a threat actor exfiltrated an encryption key for a portion of the encrypted backups. The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings, as well as some product settings and licensing information. In addition, while Rescue and GoToMyPC encrypted databases were not exfiltrated, MFA settings of a small subset of their customers were impacted.
At this time, we have no evidence of exfiltration affecting any other GoTo products other than those referenced above or any of GoTo’s production systems.
We are contacting affected customers directly to provide additional information and recommend actionable steps for them to take to further secure their accounts. Even though all account passwords were salted and hashed in accordance with best practices, out of an abundance of caution, we will also reset the passwords of affected users and/or reauthorize MFA settings where applicable. In addition, we are migrating their accounts onto an enhanced Identity Management Platform, which will provide additional security with more robust authentication and login-based security options.
As a reminder, GoTo does not store full credit card or bank details. In addition, GoTo does not collect or use end user personal information, such as date of birth, home address, or Social Security numbers.
We appreciate your understanding while we continue to work expeditiously to complete our investigation.
Paddy Srinivasan
CEO, GoTo
.
Original Post from November 30, 2022
To All GoTo Customers,
I am writing to inform you that GoTo is investigating a security incident. While we are currently working to better understand the scope of the issue, we wanted to let you know about the situation and how we are responding.
Upon learning of the incident, we immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement. Based on the investigation to date, we have detected unusual activity within our development environment and third-party cloud storage service. The third-party cloud storage service is currently shared by both GoTo and its affiliate, LastPass.
GoTo’s products and services remain fully functional, and we are committed to our customers. As part of our efforts, we also continue to deploy enhanced security measures and monitoring capabilities across our infrastructure to help detect and prevent threat actor activity.
Thank you for your patience as we work expeditiously to complete our investigation. We will continue to update you.
Paddy Srinivasan
CEO