Passwordstate, a password manager that’s supposed to safeguard passwords, has been compromised by cybercriminals through an exploit in its upgrade mechanism.
As many as 29,000 enterprise users have been affected, specifically those who tried to use the upgrade and instead downloaded and installed malware that harvested computer information, including Passwordstate data.
According to CSIS Security Group, the password manager developer ClickStudios suffered the breach sometime between April 20 and 22. The breach lasted for about 28 hours before it was shut down.
ClickStudios has contacted its customers and urged them to reset all their stored passwords, especially ones they use for servers, firewalls, VPNs, and other important networking devices.
While this news is ironic, everyday users are still encouraged to observe security practices such as the use of password managers (with two-factor authentication as an added measure) to protect their data. Attacks will happen, unfortunately, but multiple security measures should limit the damage.