Cloud Security, Identity, Breach, Vulnerability Management

GoTo, LastPass hack compromises shared cloud storage service

CRN reports that popular desktop-sharing and virtual meeting software provider GoTo and password manager affiliate LastPass had their shared third-party cloud storage service compromised by still undetermined attackers. Some LastPass customer details were accessed by attackers who were able to hack the cloud storage service using information from an intrusion in August, which involved a breach of the company's developer environment due to a previously compromised developer account, according to LastPass CEO Karim Toubba, who emphasized that no customer passwords have been compromised as they were encrypted with the platform's Zero Knowledge architecture. Meanwhile, no unauthorized access to customer data was confirmed by GoTo CEO Paddy Srinivasan. Investigation into the incident is underway, with both executives emphasizing that GoTo and LastPass products and services have not been disrupted as a result of the breach. "We are working diligently to understand the scope of the incident and identify what specific information has been accessed," said Toubba.

Related

LockBit-leaked DC city agency data from third party

Washington, D.C.'s Department of Insurance, Securities and Banking has disclosed that 800GB of data claimed to have been stolen by the LockBit ransomware operation was obtained from an attack against third-party software provider Tyler Technologies following the ransomware gang's threats to expose 1GB of the exfiltrated data to coerce the agency into providing the demanded ransom, reports The Record, a news site by cybersecurity firm Recorded Future.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.