Passwords a software company has addressed its users to make an immediate change to their passwords following a recent supply chain attack by the hackers.
Niebezpiecznik reported on the development. It’s not clear who the attackers are or how they breached the password manager’s update feature.
Click Studios said an investigation into the incident is ongoing, but the ” number of affected customers appears to be very low.”
Among other things, Passwordstate offers secure storage of passwords, integration into enterprise software, and password reset.
Several Fortune 500 companies like banking, insurance, defense, government, education, and manufacturing utilize the software by its 29,000 customers.
The software is used by 370,000 security and IT professionals globally.
According to a research paper from Denmark-based security firm CSIS Group, the file an was modified by software known as “moserware.secretsplitter.dll.”
The full list of compromised information includes computer name, user name, domain name, current process name, current process id, names and IDs of all running processes, names of all running services, display name and status, Passwordstate instance’s Proxy Server Address, usernames and passwords..
Earlier this month, software auditing company Codecov alerted its customers that it discovered its products had been infected with a backdoor to gain access to authentication tokens for internal software accounts used by developers.
The breach didn’t come to light until April 1.