Passwordstate users warned to ‘reset all passwords’ after attackers plant malicious update

Zack Whittaker
Security Editor, TechCrunch
April 23, 2021

Passwordstate Cyberattack: Urgent Password Reset Required

Click Studios, an Australian software development company specializing in enterprise solutions, has alerted its Passwordstate customers to a significant security incident. A cyberattack on the password manager has forced affected organizations to reset every password stored in it.

Compromised Update Feature

According to a notification sent by Click Studios to customers, attackers compromised Passwordstate’s software update mechanism and used it to steal customer passwords.

The advisory, first shared on Twitter by the Polish news outlet Niebezpiecznik, described a 28-hour exposure window between April 20th and April 22nd. Installing the malicious update caused the software to contact servers controlled by the attackers.

That contact led to the deployment of malware engineered to exfiltrate the contents of the password manager, including stored credentials, back to the attackers. Click Studios told customers to begin resetting all passwords managed within Passwordstate immediately.

Incident Response and Ongoing Risk

Click Studios has released a security patch, but has not said how the update feature was compromised.

The attackers’ servers were reportedly taken offline on April 22nd. Click Studios cautioned, however, that the attackers could stand up new infrastructure, so the risk to users is not over.

The Importance of Enterprise Password Managers

Passwordstate, like other enterprise password managers, lets employees share and manage passwords within an organization. That includes credentials for network devices such as firewalls and VPNs, as well as shared accounts for email, databases, and social media platforms.

Click Studios reports a customer base exceeding 29,000, encompassing prominent entities within the Fortune 500, government agencies, and the banking, defense, aerospace, and other major sectors.

Delayed Public Disclosure

Although affected customers were notified first, the breach did not become widely known until several hours later, when CSIS Group, a Danish cybersecurity firm, published a detailed analysis.

Mark Sanford, CEO of Click Studios, was unavailable for comment outside of regular Australian business hours.


Contacting Zack Whittaker

Zack Whittaker currently serves as the security editor for TechCrunch, a prominent technology news outlet.

In addition to his editorial role, he writes and distributes a weekly cybersecurity-focused newsletter titled "this week in security."

Secure Communication Channels

For those seeking to reach Mr. Whittaker through encrypted messaging, he is available on Signal under the username zackwhittaker.1337.

Alternative methods of contact include email. His official TechCrunch email address is zack.whittaker@techcrunch.com.

To verify that any communication claiming to be from Zack Whittaker is genuine, contact him at the email address above.