LastPass owner GoTo reports theft of backups customers

In response to the data theft, GoTo is going to reset the passwords of affected customers and re-authorize their MFA settings. An attack on GoTo, the parent company of LastPass previously known as LogMeIn, also stole customers' backups and the encryption key to decrypt the data. As a result, usernames, hashed and hashed passwords, some of the multifactor authentication (MFA) settings, product settings and licensing data got into the hands of the attacker.