[BreachExchange] Passwordstate users warned to ‘reset all passwords’ after attackers plant malicious update

Destry Winant destry at riskbasedsecurity.com
Mon Apr 26 10:31:24 EDT 2021


https://techcrunch.com/2021/04/23/passwordstate-click-studios-password-manager-breach/

Click Studios, the Australian software house that develops the enterprise
password manager Passwordstate, has warned customers to reset passwords
across their organizations after a cyberattack on the password manager.

An email sent by Click Studios to customers said the company had confirmed
that attackers had “compromised” the password manager’s software update
feature in order to steal customer passwords.

The email, posted on Twitter by Polish news site Niebezpiecznik early on
Friday, said the malicious update exposed Passwordstate customers over a
28-hour window between April 20-22. Once installed, the malicious update
contacts the attacker’s servers to retrieve malware designed to steal and
send the password manager’s contents back to the attackers. The email also
told customers to “commence resetting all passwords contained within
Passwordstate.”

Click Studios did not say how the attackers compromised the password
manager’s update feature, but emailed customers with a security fix.

The company also said the attacker’s servers were taken down on April 22.
But Passwordstate users could still be at risk if the attackers are able
to get their infrastructure online again.

Enterprise password managers let employees at companies share passwords and
other sensitive secrets across their organization, such as network devices
— including firewalls and VPNs, shared email accounts, internal databases
and social media accounts. Click Studios claims Passwordstate is used by
“more than 29,000 customers,” including in the Fortune 500, government,
banking, defense and aerospace, and most major industries.

Although affected customers were notified this morning, news of the breach
only became widely known several hours later after Danish cybersecurity
firm CSIS Group published a blog post with details of the attack.

Click Studios chief executive Mark Sanford did not respond to a request for
comment outside Australian business hours.