Skip to main content

Hackers dug deep in the massive LastPass security breach

The cybersecurity breach that LastPass owner GoTo reported in November 2022 keeps getting worse as new details are revealed, calling into question the company’s transparency on this serious issue.

It has been two months since GoTo shared the alarming news that hackers stole the usernames, passwords, email addresses, phone numbers, IP addresses, and even billing information of LastPass users. In GoTo’s latest blog update, the company reported that several of its other products were compromised as well.

GoTo’s Central, Pro,, Hamachi, and RemotelyAnywhere were all hacked and the encrypted databases with account usernames, salted and hashed passwords, Multi-Factor Authentication (MFA) settings, some product settings, and licensing information were accessed by hackers. Even if you don’t use LastPass, you might have made use of these services so this expands the number of people affected by the cyberattack.

While the databases were encrypted, the encryption key was also stolen, making it a simple matter for anyone with the key to read all of this information. That provides plenty of fodder for future cybersecurity attacks in order to gain further access to the valuable personal and financial data of the users of these services.

Rescue and GoToMyPC encrypted databases were not affected, but the MFA settings of some customers were impacted. The only good news that GoTo shared in its latest update is a reminder that GoTo doesn’t store full credit card and bank details, date of birth, home address, or Social Security numbers. Even if your data is in the hands of hackers, they won’t be able to immediately drain your bank account or run up a big credit card bill.

That said, every little addition to hacker profiles makes it easier to gain access to critical data to unlock your most important accounts and steal your data and money. If you use any of the GoTo products and services mentioned above, it’s a good idea to take the time to change passwords and switch on two-factor authentication to secure your accounts.

Editors' Recommendations

Alan Truly
Computing Writer
Alan is a Computing Writer living in Nova Scotia, Canada. A tech-enthusiast since his youth, Alan stays current on what is…
Hackers stole LastPass source code in data breach incident
lastpass on phone

Today, LastPass confirmed a data breach in a blog post describing the incident to its customers that rely on the company's products for online security. The company emphasized that customer data was not stolen in the breach, however, and that users do not have to do anything to secure their data.

In a post written by CEO Karim Toubba, LastPass stated the following:

Read more
Best LastPass alternatives for 2021
A digital security lock.

Whether you're security-conscious or have a terrible memory, using a free password manager is a great way to free up brain space and secure your most important information. Unfortunately, LastPass -- one of the best password managers -- has taken steps to sharply limit the features of free accounts, including only being able to use the free version on your PC or mobile devices (no longer both), and users will have three chances to determine which version to keep going forward. Understandably, many free account users are now searching for the best LastPass alternatives. Here are our favorites.
Best LastPass alternatives

Best premium alternative: Dashlane
Best iOS alternative: Apple iCloud Keychain
Best freemium alternative: Bitwarden
Best single-device alternative: NordPass
Best Android alternative: Google Password Manager

Read more
LastPass is scaling back its free tier. Find out if you need to pay

LastPass currently offers a free tier that lets a single user access its password manager service on all their mobile devices and computers. But that’s about to change.

Starting March 16, the company will limit its free tier to only one device type, either mobile or computer. So if you select to keep the free tier for mobile, you’ll be asked to pay a fee to continue using the service on computers, and vice versa.

Read more