GoTo reset passwords of users affected by encrypted account passwords. Users are required to reauthorize MFA after the reset.
LastPass has released an update that contains more severe news for password managers users.
Not only did they get encrypted backups but also the encryption keys that could be used to create backups.
Paddy Srinivasan is the CEO of LastPass’ parent firm GoTo. He revealed that hackers stole backups of Central and Pro join.me, Hamachi, RemotelyAnywhere, and Hamachi.
Data that contains hashed usernames or passwords, multifactor authentication information, and product configurations is at risk.
Even though account passwords were encrypted by GoTo, GoTo required users to reset their passwords by requesting that they re-authorize MFA.
Credit card or financial information are not disclosed. Dates of birth and addresses are said to be safe.
Srinivasan stated that affected users have been contacted. LastPass reported a security vulnerability in November 2022. An initial investigation revealed that hackers had stolen password repositories or databases containing passwords.