An Australian software house, Click Studios, recently told its customers to reset all the passwords stored in its password manager, PasswordState, which appears to have been compromised by cybercriminals.
The customers were warned through an email confirming that PasswordState’s software update feature had been compromised and that hackers may have stolen their personal information.
PasswordState is a self-hosted password management solution that integrates with Active Directory and handles a host of enterprise duties, including auditing, and provides its own API.
The firm reported that a bad actor used sophisticated techniques to compromise the software’s update mechanism and used it to drop malware on user computers. The users who installed an update between 4:33 PM Eastern on April 20 and 7 PM Eastern on April 21 received malware as part of the upgrade process.
The news of the breach was first reported by the Polish tech news site Niebezpiecznik. It is not clear who was behind this cyber attack or how they compromised the password manager’s update feature, but Click Studios stated that an investigation is ongoing and added: “The number of affected customers appears to be very low”.
Enterprise password managers have become a necessity for many companies in recent times, as they make it easier for employees to share passwords and all kinds of sensitive information within the organization, for systems such as network devices (firewalls and VPNs), shared email accounts, internal databases, and social media accounts.
The software is used by 29,000 customers and 370,000 security and IT professionals globally, including Fortune 500, government, banking, defense, and aerospace companies.
The company has posted a hotfix and urges all customers who installed the bad update to apply it, as it should remove the malware and restore security. To speed up the availability of a fix, the update is distributed as an archive and involves manually replacing infected files.
The company is also recommending that businesses reset all credentials associated with external-facing systems (firewalls, VPN) as well as internal infrastructure (storage systems, local systems) and any other passwords stored in Passwordstate.