Passwordstate password manager has notified its customers to reset the passwords across their organisations following a supply chain attack.

  • Passwordstate suffered a breach during a 28-hour window between April 20 and April 22.
  • The breach was initiated via an update of the Passwordstate app.
  • The attackers had “compromised” the password manager’s software update feature to steal customer passwords.

Passwordstate is an on-premises password management solution used by over 29,000 customers worldwide, including in the Fortune 500 and in government, defence, finance, aerospace, retail, automotive, healthcare and other major industries.

According to the notification email sent to customers regarding the supply-chain attack, malicious upgrades were potentially downloaded by customers between April 20 and April 22.

The company explained that the initial vulnerability was related to the upgrade director on its website, which points the in-place update to the appropriate version of the software on the company’s content distribution network.

Customers that performed in-place upgrades between April 20, 8:33 PM UTC, and April 22, 0:30 AM UTC, a total period of about 28 hours, seem to be affected.

When customers performed an in-place upgrade during this window, they potentially downloaded a malicious file, titled “moserware.secretsplitter.dll,” from a download network not controlled by Click Studios.

Once the malicious file was loaded, it set off a process that extracted information about the computer system and then posted it to the hacker’s content distribution network.

The complete list of compromised information includes computer name, user name, domain name, current process name, current process ID, names and IDs of all running processes, names of all running services, display name and status, the Passwordstate instance's proxy server address, usernames and passwords.

Click Studios advises customers who have upgraded their client during the breach to reset all passwords in their Passwordstate database.

It also recommends prioritizing the password reset as follows:

  • all credentials for Internet-exposed systems (firewalls, VPN, external websites, etc.)
  • all credentials for internal infrastructure
  • all remaining credentials
