Passwordstate users warned to ‘reset all passwords’ after attackers plant malicious update

Click Studios, the Australian software house that develops the enterprise password manager Passwordstate, has warned customers to reset passwords across their organizations after a cyberattack on the password manager.

An email sent by Click Studios to customers said the company had confirmed that attackers had “compromised” the password manager’s software update feature in order to steal customer passwords.

The email, posted on Twitter by Polish news site Niebezpiecznik early on Friday, said the malicious update exposed Passwordstate customers over a 28-hour window between April 20-22. Once installed, the malicious update contacts the attacker’s servers to retrieve malware designed to steal and send the password manager’s contents back to the attackers. The email also told customers to “commence resetting all passwords contained within Passwordstate.”

🚨 The PasswordState password manager has been hacked and customers' computers infected.

The vendor is informing victims by email.

This password manager is "corporate", so the problem will mainly affect companies… Ouch!

(Tip from Tajemniczy Pedro) pic.twitter.com/PGHhmEKpje

— Niebezpiecznik (@niebezpiecznik) April 23, 2021

Click Studios did not say how the attackers compromised the password manager’s update feature, but emailed customers with a security fix.

The company also said the attacker’s servers were taken down on April 22. But Passwordstate users could still be at risk if the attackers are able to get their infrastructure online again.

Enterprise password managers let employees share passwords and other sensitive secrets across their organization, such as credentials for network devices (including firewalls and VPNs), shared email accounts, internal databases and social media accounts. Click Studios claims Passwordstate is used by “more than 29,000 customers,” including in the Fortune 500, government, banking, defense and aerospace, and most major industries.

Although affected customers were notified this morning, news of the breach only became widely known several hours later after Danish cybersecurity firm CSIS Group published a blog post with details of the attack.

Click Studios chief executive Mark Sanford did not respond to a request for comment outside Australian business hours.
