Hackers dug deep in the massive LastPass security breach

By Alan Truly January 25, 2023

The cybersecurity breach that LastPass owner GoTo reported in November 2022 keeps getting worse as new details are revealed, calling into question the company’s transparency on this serious issue.

It has been two months since GoTo shared the alarming news that hackers stole the usernames, passwords, email addresses, phone numbers, IP addresses, and even billing information of LastPass users. In GoTo’s latest blog update, the company reported that several of its other products were compromised as well.

GoTo’s Central, Pro, join.me, Hamachi, and RemotelyAnywhere were all hacked and the encrypted databases with account usernames, salted and hashed passwords, Multi-Factor Authentication (MFA) settings, some product settings, and licensing information were accessed by hackers. Even if you don’t use LastPass, you might have made use of these services so this expands the number of people affected by the cyberattack.

While the databases were encrypted, the encryption key was also stolen, making it a simple matter for anyone with the key to read all of this information. That provides plenty of fodder for future cybersecurity attacks in order to gain further access to the valuable personal and financial data of the users of these services.

Rescue and GoToMyPC encrypted databases were not affected, but the MFA settings of some customers were impacted. The only good news that GoTo shared in its latest update is a reminder that GoTo doesn’t store full credit card and bank details, date of birth, home address, or Social Security numbers. Even if your data is in the hands of hackers, they won’t be able to immediately drain your bank account or run up a big credit card bill.

That said, every little addition to hacker profiles makes it easier to gain access to critical data to unlock your most important accounts and steal your data and money. If you use any of the GoTo products and services mentioned above, it’s a good idea to take the time to change passwords and switch on two-factor authentication to secure your accounts.

Editors' Recommendations

Topics

Computing Writer

Alan is a Computing Writer living in Nova Scotia, Canada. A tech-enthusiast since his youth, Alan stays current on what is…

Mobile

Leaving LastPass? Here’s how to take all your passwords with you

LastPass

If you, like many of us, have been happily using LastPass's excellent free tier for the last few years, you're probably dismayed that LastPass is moving to change the way its free access works. From March 16, you'll only be able to sync your LastPass database between mobile devices or computers -- but not both. So if you want to keep accessing the same passwords on your phone and laptop, you'll have to pay up and join LastPass's premium subscription for $3 a month.

Of course, not everyone is wild to pay a subscription fee -- or has the free cash to do so. If that's you, you're probably looking for a password manager to replace LastPass. But you won't want to leave all your collected passwords and logins behind. Thankfully, you can quickly and easily export your LastPass passwords and login information and import them into your new password manager of choice. So go check out our list of the best password managers, then dive into our guide on how to leave LastPass and take your passwords with you.
Export your LastPass database
Now that you know you're moving from LastPass, the first step is to make sure you take everything with you. Thankfully, exporting your database from LastPass is simple. Unfortunately, there's no way to export your passwords from the mobile app, so you'll have to use a PC or Mac to complete this action.

Computing

LastPass will make it easier and safer for families to share login credentials

LastPass

One of the most crucial components of staying safe online is making sure that your account passwords don't fall into the wrong hands. LastPass makes it easy for users to keep track of passwords for various different sites and services, and now it's adding functionality that will facilitate sharing credentials with others.

Obviously, it's generally not a good idea to let too many people know what your password is for any important account. However, it's more and more common that a few different users might share one login -- especially when it comes to subscription services like Netflix and Spotify -- so the new family sharing functionality set to be offered by LastPass will no doubt come in handy for many.

Computing

Latest bugs in LastPass allowed attackers to steal passwords

A hand on a laptop in a dark surrounding.

Password manager LastPass is patching a number of critical vulnerabilities in its software that left users’ passwords potentially leaking.

No software is ever totally safe and while password managers can offer a degree of security and convenience, they are not impervious as these security flaws demonstrate.