Threat actors exfiltrated encrypted customer account data and an encryption key for a number of GoTo services in a breach first disclosed last November.
Remote work technology provider GoTo, formerly LogMeIn, published an update Monday to a blog post dedicated to a breach that occurred last year. At the time the breach was disclosed on Nov. 30, GoTo CEO Paddy Srinivasan wrote that the company was investigating a security incident and had “detected unusual activity within [GoTo’s] development environment and third-party cloud storage service.”
Srinivasan said in the update that a threat actor had “exfiltrated encrypted backups” from a third-party cloud storage service related to GoTo services Central, Pro, Join.me, Hamachi and RemotelyAnywhere. In addition, the actor stole an encryption key for a “portion” of the backups, though it’s unclear what products and customer data might be at risk.