PasswordState Users Told To "Reset All Passwords" Before Losing Important Data To Malicious Update

While internet users are finding their safety and comfort in password managing apps, there is one developed by Click Studios (an Australian software house), Passwordstate, which has fallen into the trap of cybercriminals. And the extent of the attack is so much that the company has publicly ordered its customers to reset passwords for multiple platforms to protect themselves from any exploitation.

Click Studios warned its customers through an email that confirmed that the password manager’s software update feature has been compromised and there are chances that hackers may steal your personal information.

The email was also revealed by a Polish news site Niebezpiecznik first on Friday that showed how the Passwordstate customers' details went into the hands of cybercriminals in between the 28-hour time frame of April 20-22 through the update.

Right after the update gets installed, the software gets connected to the attacker’s servers to activate the malware which then steals and sends the details stored in the password manager’s contents to the bad actors at the back. Hence, if customers want to save themselves, the email reads “commence resetting all passwords contained within Passwordstate.”

With that being said, Click Studios did not inform the customers on how the update was compromised on such a massive level. The company has taken down the servers already on April 22 but the users can still be at risk if attackers get successful in getting their infrastructure online again.

Enterprise password managers have been the need of the hour in recent times for many companies as it makes it easier for employees to share passwords and all kinds of sensitive information within the organization through the network devices like firewalls and VPNs, shared email accounts, internal databases, and social media accounts.

According to Click Studios, Passwordstate currently enjoys more than 29,000 customers which include Fortune 500, government, banking, defense, and aerospace companies as well.

The chief executive Mark Sanford has still not responded with any comment on the issue.

Previous Post Next Post