Data Breach at GoTo: Encrypted Customer Information Compromised

On January 23, 2023, GoTo released a statement detailing an update to the ongoing data breach investigation. Business owners should pay attention to this incident and its implications for their security practices.

Details of the Hack:
According to GoTo’s statement, the attack was first confirmed on November 30, 2022, involving unauthorized access to the company’s systems. The attackers gained access to customer information and could have interfered with encrypted backups of user data as well as Multi-Factor Authentication (MFA) settings. However, it is unclear how many accounts were affected by this attack.

The Scope of the Attack:
GoTo has stated that the attack impacted customers who used some of its products, such as Central, Hamachi, Pro, join.me, and RemotelyAnywhere. However, the company also noted that no personal information, such as dates of birth, home addresses, or Social Security numbers compromised. GoTo does not collect and store this type of data.

Moreover, the user data infiltrated from GoTo remains encrypted. The company is keen to ensure no unencrypted personal data on its customers that threat actors can use in phishing attacks.

The Company’s Response:
GoTo responded quickly by contacting the affected users directly to mitigate any potential damage caused by the breach. In addition, it reset passwords, disabled MFA settings, and required users to perform additional steps for verification when logging into their accounts. Furthermore, the company stated that it’s migrating to a robust Identity Management Platform that will provide more security and visibility for its customers.

Impact on Business Owners or General Public:
The data breach has significantly impacted trust in GoTo’s products and services and the security of users’ information. Business owners should take the time to review their current security practices and ensure they are up to date. Though it is difficult to estimate the full extent of the impact of this breach on business owners or the public, identity theft or fraud may likely result from the misuse of stolen data.

Business owners must take proactive steps to ensure adequate security for their organization’s sensitive information and accounts. The GoTo breach should be a lesson in the importance of utilizing strong passwords and multi-factor authentication for all accounts and regularly monitoring any suspicious activity. By following these best practices, business owners can minimize the risk of falling victim to data breaches.

The GoTo data breach proves that not even the most secure systems are immune to attack. As a result, business owners must remain vigilant and proactively protect their data and accounts. With these measures in place, business owners can rest assured that their sensitive information is protected.