Failed Login Email Notifications
As you may have seen in recent news, lists of hundreds of millions of user credentials taken from past breaches (mostly at social networks) are being used for a variety of recent nefarious activity on high profile sites like Netflix and Facebook.
Why am I receiving failed login emails?
As part of GoTo's continuous efforts to improve security, we send out email alerts to notify our customers about login activities.
A failed login attempt notification from GoTo means that an attempt to log into your account was not successful. Receiving these emails may indicate an automated attempt to log in by using credentials obtained through 3rd party breaches. Failed attempts mean that you're probably following GoTo's best practices of regularly changing your password, using complex passwords and/or have used two- factor authentication to further secure your account.
Was there a breach at GoTo?
We have found no evidence to suggest that there has been a breach of GoTo's systems. We are seeing an increased number of login attempts, likely from hackers testing reused passwords (taken from 3rd party breaches) to obtain access to your account.
Is there any action needed from me?
To verify your account activity, please log in to your account, click your in the upper-right corner, and select.
If the login attempt was you and it was just an incorrectly typed password, please consider using a password manager such as LastPass to help save and auto-fill your passwords for the future. If the login attempt was not you, we highly recommend that you follow the best practices below.
What other precautions should I take?
Please ensure that you have followed our recommended best practices on password complexity below and enabled two factor authentication where available. Additional online security best practices include:
- Never use the same password across different online services, applications and websites.
- Regularly change passwords for both your computers and your online accounts.
- Use a password manager (Try using LastPass).
- Always be vigilant to avoid phishing attempts. Here's a quick primer.
- Enable 2-step or 2-factor authentication on your online services and applications, if it is offered.
- Here's how you can turn on 2-factor authentication for your account.
What are the best practices on password complexity?
- Contains 12 characters or more.
- Made of capital letters, lowercase letters, and numbers.
- Is changed every 90 days.
- Does not match your .
- Does not match any of your four most recent passwords.