Remote access and collaboration company GoTo disclosed today that they suffered a security breach where threat actors gained access to their development environment and third-party cloud storage service.
GoTo (formerly LogMeIn) began emailing customers Wednesday afternoon, warning that they have started investigating the cyberattack with the help of Mandiant and have alerted law enforcement.
The company says they first learned of the incident after detecting unusual activity in their development environment and third-party cloud storage service.
“Upon learning of the incident, we immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement,” reads an email from GoTo CEO Paddy Srinivasan.
“Based on the investigation to date, we have detected unusual activity within our development environment and third-party cloud storage service. The third-party cloud storage service is currently shared by both GoTo and its affiliate, LastPass.”
This incident also affected GoTo subsidiary LastPass, which disclosed today that threat actors accessed customer information through the same cloud storage breach.
GoTo says the incident has not affected their products and services, and they remain fully functional.
However, they have said they deployed “enhanced security measures and monitoring capabilities” after the attack.
BleepingComputer has asked GoTo for further information, such as when the attack occurred or if the source code was stolen, but has yet to hear back.
LastPass also revealed in September that hackers had access to their internal network for four days during an August cyberattack where threat actors stole source code.
Source: https://www.bleepingcomputer.com/news/security/goto-says-hackers-breached-its-dev-environment-cloud-storage/