LastPass issued a security update just before Christmas, advising customers that the previously disclosed breach was worse than it had previously announced. The news dropped late on the Thursday before Christmas, at a time when LastPass customers were hardly in a position to worry about the integrity of their passwords. Now, about a month later, LastPass parent company GoTo announced that the November security breach was even worse than we thought.

Hackers didn’t just steal encrypted passwords from LastPass consumers. They also downloaded encrypted backups from various GoTo products, putting the security of GoTo customers at risk.

LastPass first disclosed the security breach in August 2022, expanding on the matter in November. The hackers weaponized information from the August hack to steal LastPass data in November. LastPass disclosed the turn of events on the Thursday before Christmas. LastPass parent company GoTo also posted a notice about the security incident in November.

On Tuesday, GoTo CEO Paddy Srinivasan updated the announcement, detailing the massive breach that impacted other GoTo services.

“Our investigation to date has determined that a threat actor exfiltrated encrypted backups from a third-party cloud storage service related to the following products: Central, Pro,, Hamachi, and RemotelyAnywhere,” the blog post reads.

Moreover, the hackers downloaded an encryption key for a portion of the encrypted backups.

“The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings, as well as some product settings and licensing information,” Srinivasan said about the GoTo security breach. “In addition, while Rescue and GoToMyPC encrypted databases were not exfiltrated, MFA settings of a small subset of their customers were impacted.”

GoTo is already contacting impacted customers with additional information and recommendations to secure their accounts. Out of an abundance of caution, GoTo will reset all passwords and reauthorize MFA settings. Furthermore, the company is migrating customer accounts onto an enhanced Identity Management Platform. This should provide additional security, “more robust authentication and login-based security options.”

On a positive note, GoTo notes that it doesn’t store credit card or bank details. Also, it doesn’t collect personal information like dates of birth, home addresses, or Social Security numbers.

Still, it’s unclear how many GoTo customers are affected. Per TechCrunch, GoTo has 800,000 customers, including enterprises.

If you’re a LastPass user or you use other GoTo products, you should ensure that your accounts are safe and your data is secure. Furthermore, if you still haven’t changed the passwords you stored in LastPass, you should do so as soon as you can. The hackers might never breach your encrypted passwords, but it’s better to be safe than sorry.

The post LastPass owner GoTo says security breach is much worse than we thought first appeared on

New reasons to get excited everyday.

Get the latest tech news delivered right in your mailbox

LastPass owner GoTo says security breach is much worse than we thought

5 Reasons Why You Should Try Online Horse Race Betting

In many places around the world, horse races are an attraction that a lot of people love to watch. With the fast-paced action and thrill that each game provides, it is no longer surprising to know that millions of fans have grown fond of it.
LastPass owner GoTo says security breach is much worse than we thought

NordLayer — more than a business VPN

Cybersecurity threats have become vast and more sophisticated. The rate of malware attacks and malicious activity counts within seconds despite the size or sector the organization belongs to — no one is safe enough to expect that foe actors will bypass vital company resources.

LastPass owner GoTo says security breach is much worse than we thought

You may also like

Notify of
Inline Feedbacks
View all comments

More in Tech News