Passwordstate users warned to ‘reset all passwords’ after attackers plant malicious update
Click Studios, the Australian software house that develops the enterprise password manager Passwordstate, has warned customers to reset passwords across their organizations after a cyberattack on the password manager.
An email sent by Click Studios to customers said the company had confirmed that attackers had “compromised” the password manager’s software update feature in order to steal customer passwords.
The email, posted on Twitter by Polish news site Niebezpiecznik early on Friday, said the malicious update exposed Passwordstate customers over a 28-hour window between April 20-22. Once installed, the malicious update contacts the attacker’s servers to retrieve malware designed to steal and send the password manager’s contents back to the attackers. The email also told customers to “commence resetting all passwords contained within Passwordstate.”
🚨 Manager haseł PasswordState został zhackowany a komputery klientów zainfekowane.
Producent informuje ofiary e-mailem.
Ten manager haseł jest “korporacyjny”, więc problem będzie dotyczyć przede wszystkim firm… Auć!
(Informacja od Tajemniczego Pedro) pic.twitter.com/PGHhmEKpje
— Niebezpiecznik (@niebezpiecznik) April 23, 2021
Click Studios did not say how the attackers compromised the password manager’s update feature, but emailed customers with a security fix.
The company also said the attacker’s servers were taken down on April 22. But Passwordstate users could still be at risk if the attacker’s are able to get their infrastructure online again.
Enterprise password managers let employees at companies share passwords and other sensitive secrets across their organization, such as network devices — including firewalls and VPNs, shared email accounts, internal databases and social media accounts. Click Studios claims Passwordstate is used by “more than 29,000 customers,” including in the Fortune 500, government, banking, defense and aerospace, and most major industries.
Although affected customers were notified this morning, news of the breach only became widely known several hours later after Danish cybersecurity firm CSIS Group published a blog post with details of the attack.
Click Studios chief executive Mark Sanford did not respond to a request for comment outside Australian business hours.
Read more:
Click Studios, the Australian software house that develops the enterprise password manager Passwordstate, has warned customers to reset passwords across their organizations after a cyberattack on the password manager. An email sent by Click Studios to customers said the company had confirmed that attackers had “compromised” the password manager’s software…
Recent Posts
- 9 must-see tech deals at Walmart right now: $699 MacBook, $448 75-inch TV, $279 laptop
- 23 Everyday Products Made of Recycled Materials (2024): Chargers, Watches, Toys
- Tesla slashes Full Self-Driving price after Elon Musk said it would only get more expensive
- The United Nations ditches Big Tech in a bid for security
- Discord CEO Jason Citron makes the case for a smaller, more private internet
Archives
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011