Skip to content

Goto and LastPass Breach

Source: https://www.wte.net/Goto-and-LastPass-Breach
Date: December 2022
Author: Martin W Smith

Introduction

Goto and LastPass faced security challenges during the 2022 holiday season. CEO Paddy Srinivasan announced on November 30, 2022, that the company was investigating a security incident after detecting unusual activity in their development environment and third-party cloud storage shared between Goto and its affiliate LastPass.

Say What?

According to Tech Crunch's analysis, the official announcement omitted critical details:

  • Second Breach: An initial incident occurred in August; this was the second compromise
  • Timeline: LastPass did not specify when the second breach occurred
  • Scope: The number of affected accounts remained unclear
  • Guidance: Neither company provided protective measures for customers

Background on Two Incidents

The August incident compromised an employee's work account, granting unauthorized access to the development environment containing source code. Leadership downplayed it as limited and contained.

The November incident proved more serious, as intruders accessed customer information.

Recommendations

The post suggests customers change their Goto and LastPass credentials. For those considering alternatives, PC Magazine's password manager guide was recommended. Users frustrated enough might explore different password managers and communication platforms.