PasswordState password manager’s update hijacked to drop malware


An Australian software house, Click Studios, recently advised its customers to reset all the passwords stored in its password manager, PasswordState, which appears to have been compromised by cybercriminals.


Customers were warned by an email confirming that PasswordState’s software update feature had been compromised and that there was a chance of hackers stealing their personal information.




PasswordState is a self-hosted password management solution that integrates with Active Directory, handles a host of enterprise-related duties including auditing, and provides its own API.


The firm reported that a bad actor used sophisticated techniques to compromise the software’s update mechanism and used it to drop malware on users’ computers. Users who installed an update between 4:33 PM Eastern on April 20 and 7 PM Eastern on April 21 received malware as part of the upgrade process.


The news of the breach was first reported by the Polish tech news site Niebezpiecznik. It is not clear who was behind this cyber attack or how they compromised the password manager’s update feature, but Click Studios stated that an investigation is ongoing and added: “The number of affected customers appears to be very low”.


Enterprise password managers have been the need of the hour in recent times for many companies, as they make it easier for employees to share passwords and all kinds of sensitive information within the organization through network devices like firewalls and VPNs, shared email ..
