Click Studios has notified customers to reset their passwords of Passwordstate password management application. They inform that the reason for this change is a supply chain attack. They announced that bad actors used sophisticated techniques to compromise the software’s update mechanism and used it to drop malware on user computers.
According to the company’s announcement, “any in-place upgrades performed between 20th April 8:33 PM UTC and 22nd April 0:30 AM UTC have the potential to download a malformed Passwordstate_upgrade.zip. This .zip file was sourced from a download network not controlled by Click Studios.”
The company published an Incident Management Advisory on 24th April 2021, 12:38 PM (Australian CDT),about the processes that the company will follow and explaining to customers that this platform is the only authorized place about the iimprovoments.
Passwordstate is an on-prem web-based solution used for enterprise password management, and used by about 29000 customers. Also, several Fortune 500 companies are customers of Passwordstate.