Update as of Monday, January 23, 2023
To All GoTo Customers,
I am writing to update you on our ongoing investigation into the security incident we told you about in November 2022.
Our investigation to date has determined that a threat actor exfiltrated encrypted backups from a third-party cloud storage service related to the following products: Central, Pro, join.me, Hamachi, and RemotelyAnywhere. We also have evidence that a threat actor exfiltrated an encryption key for a portion of the encrypted backups. The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings, as well as some product settings and licensing information. In addition, while Rescue and GoToMyPC encrypted databases were not exfiltrated, MFA settings of a small subset of their customers were impacted.
At this time, we have no evidence of exfiltration affecting any GoTo products other than those referenced above or any of GoTo’s production systems.
We are contacting affected customers directly to provide additional information and recommend actionable steps for them to take to further secure their accounts. Even though all account passwords were salted and hashed in accordance with best practices, out of an abundance of caution, we will also reset the passwords of affected users and/or reauthorize MFA settings where applicable. In addition, we are migrating their accounts onto an enhanced Identity Management Platform, which will provide additional security with more robust authentication and login-based security options.
As a reminder, GoTo does not store full credit card or bank details. In addition, GoTo does not collect or use end user personal information, such as date of birth, home address, or Social Security numbers.
We appreciate your understanding while we continue to work expeditiously to complete our investigation.
Original Post from November 30, 2022
To All GoTo Customers,
I am writing to inform you that GoTo is investigating a security incident. While we are currently working to better understand the scope of the issue, we wanted to let you know about the situation and how we are responding.
Upon learning of the incident, we immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement. Based on the investigation to date, we have detected unusual activity within our development environment and third-party cloud storage service. The third-party cloud storage service is currently shared by both GoTo and its affiliate, LastPass.
GoTo’s products and services remain fully functional, and we are committed to our customers. As part of our efforts, we also continue to deploy enhanced security measures and monitoring capabilities across our infrastructure to help detect and prevent threat actor activity.
Thank you for your patience as we work expeditiously to complete our investigation. We will continue to update you.