Remote access and collaboration company GoTo today revealed that it suffered a security breach where threat actors gained access to their development environment and a third-party cloud storage service.

GoTo (formerly LogMeIn) began sending emails to its customers on Wednesday afternoon, warning them that they had begun investigating the cyberattack with the help of Mandiant and alerted law enforcement.

The company says it first learned of the incident after detecting unusual activity in its development environment and third-party cloud storage service.

“Upon learning of the incident, we immediately launched an investigation, engaged Mandiant, a leading security company, and alerted law enforcement,” read an email from GoTo CEO Paddy. Srinivasan.

“Based on the investigation to date, we have detected unusual activity in our development environment and our third-party cloud storage service. The third-party cloud storage service is currently shared by GoTo and its subsidiary, LastPass. “

This the incident also affected GoTo subsidiary LastPasswhich revealed today that threat actors accessed customer information through the same cloud storage flaw.

GoTo says the incident has not affected its products and services and they remain fully functional.

However, they said they deployed “enhanced security measures and surveillance capabilities” after the attack.

BleepingComputer has asked GoTo for additional information, such as when the attack happened or if the source code was stolen, but has yet to receive a response.

LastPass too unveiled in September that hackers had access to their internal network for four days during a August cyberattack where threat actors stole the source code.



Source link