InfoSec News Nuggets 01/25/2023

LastPass owner GoTo says hackers stole customers’ backups 

LastPass’ parent company GoTo — formerly LogMeIn — has confirmed that cybercriminals stole customers’ encrypted backups during a recent breach of its systems. The breach was first confirmed by LastPass on November 30. At the time, LastPass chief executive Karim Toubba said an “unauthorized party” had gained access to some customers’ information stored in a third-party cloud service shared by LastPass and GoTo. The attackers used information stolen from an earlier breach of LastPass systems in August to further compromise the companies’ shared cloud data. GoTo, which bought LastPass in 2015, said at the time that it was investigating the incident. 

PLAY ransomware group claims attack on Arnold Clark, one of Britain’s largest car dealerships 

Sensitive personal data allegedly stolen from Arnold Clark, one of the United Kingdom’s largest car dealerships, has been posted online by the PLAY ransomware group. The company had claimed in a Tweet on January 3 to have protected customer data after it discovered suspicious traffic on its network back in December, although it did not confirm the nature of the attack.  “Our priority has been to protect our customers’ data, our systems and our third-party partners,” the company stated, adding that “this has been achieved.” 

Bots Are Now Robocalling to Phish For Your Two-Factor Authentication (2FA) Codes 

The idea behind 2FA and OTP tokens is that even if a user’s password is breached or stolen, an attacker still cannot access the user’s account without the second factor

Read more

Explore the site

More from the blog

Latest News