SOCRadar® Cyber Intelligence Inc. | GoTo’s Cloud Storage and Dev Environment Breached by Hackers
Home

Resources

Blog
Dec 01, 2022
3 Mins Read

GoTo’s Cloud Storage and Dev Environment Breached by Hackers

Almost all businesses have migrated to storing their assets on the cloud. Cloud computing is a great way to access your resources instantly, but it comes with a great deal of security responsibility due to the growing attack surface

Remote access company GoTo, previously known as LogMeIn, revealed that hackers breached their development environment and third-party cloud storage. The incident was discovered upon tracking unusual activity. 

GoTo collaborated with a security firm and law enforcement to conduct a thorough investigation after the incident was revealed. There has been no disruption to GoTo’s products or services, but LastPass, a GoTo affiliate, has been impacted. 

How was LastPass Breached 

According to LastPass, information taken during a prior security incident in August 2022 was used by unidentified attackers to breach its cloud storage. 

With over 33 million users and 100,000 businesses, LastPass is one of the most well-known password management software companies. 

Once inside, the threat actors could access customer data kept on the hacked storage service

The company stated, “We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information. Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.” 

The business disclosed that the attackers of the security breach in August had internal access to their systems for four days before being kicked out. 

Monitor Cloud Assets Effectively with Cloud Security Module 

Cloud buckets can be defined as an asset with the help of the new Cloud Security Module (CSM), which can determine whether buckets are public, private, or protected, in addition to finding new cloud buckets with External Attack Surface Management (EASM).

When SOCRadar finds new user-owned cloud storage, it adds it to digital assets and sends a “Cloud Bucket Detected” alert. 

Your buckets’ status is always being checked with SOCRadar CSM. A “Cloud Bucket Status Change” alert is also sent whenever there is a change, such as when the bucket’s status changes from private to public.

With SOCRadar Cloud Security Module, you can define your cloud buckets as assets and monitor their status.
With SOCRadar Cloud Security Module, you can define your cloud buckets as assets and monitor their status.