GoTo Breach Response
infotex and GoTo
To all infotex managed security service Clients:
As recently reported by major news outlets there was a data breach affecting GoTo (formerly LogMeIn) wherein attackers stole encrypted backups containing customer information in November 2022. Based on the advisory from GoTo the products they offer that are affected include LogMeIn Pro, LogMeIn Central, Join.me, and RemotelyAnywhere. The compromised data may include account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings, as well as some product settings and licensing information.
What infotex is doing:
While infotex does use other products from GoTo, namely Jive PBX, GoToMeeting, and GoToWebinar, we do not use any of the affected products/systems listed in the vendor advisory. We will continue to monitor any updates to the incident and take appropriate actions as warranted.
What our clients should be doing:
If you are or have used an affected product from GoTo you should immediately reset all associated account credentials and MFA settings. In addition, review and follow any recommendations from GoTo in regards to securing your accounts. Please contact our SOC team if you have any other questions or investigative requests.
GoTo Security Advisory – https://www.goto.com/blog/our-response-to-a-recent-security-incident
Bleeping Computer Article – https://www.bleepingcomputer.com/news/security/goto-says-hackers-stole-customers-backups-and-encryption-key/