LastPass parent company GoTo has come forward with an official statement that — for the fourth or fifth time now — changes the impact that last year’s leak had. Ultimately, the impact is larger than we last reported, but it is limited to users for other GoTo products.

User data related to GoTo services like Hamachi, RemotelyAnywhere, Join.me, Central and Pro has been extracted. The info itself was stored on a server, where the LastPass user creds were being held too. While the info was encrypted, the attackers managed to steal the encryption key as well. Oops!

The affected information varies by product and isn’t equal across the board, but may include account names, passwords, MFA (Multi-Factor Authentication) settings, product settings and even product licenses. That’s a lot of information!

What is LastPass parent GoTo doing about the stolen user data?

Well, the right thing. They’ve started reaching out to affected customers with pointers as to what they can do to secure their accounts. They plan to offer additional help, if need be, but all affected customers have had their passwords reset immediately.

The good news is that at least nobody is getting robbed because of this, as GoTo doesn’t store payment info on their end. We can appreciate them being honest with their findings from this investigation, which has been going on pretty much since last August.

And, luckily, this doesn’t change the impact that the LastPass leak itself had. As such, no additional reason for concern has been uncovered by the investigation. Hopefully, all of this will blow over soon with no more shocking revelations.