Password manager app Passwordstate recently suffered a cyber attack that compromised sensitive user data.
It was reported that, during the cyberattack, an application software upgrade for the Passwordstate password manager went out to customers between April 20 and April 22.
An unauthorized malicious actor had apparently compromised the upgrade feature of the Passwordstate password manager software present on the content distribution network for 28 hours.
A malicious version of an authentic update file had been installed, incorporating code named ‘Loader’.
This code then proceeds through a series of operations to gain the ability to extract data about the device system and the Passwordstate information.
The stolen data and information are then transmitted to the attackers via a content delivery network handled by the hackers.
The user data reportedly compromised in the cyberattack includes computer names, user names, domain names, the current process name and process ID, all running processes and their IDs, running services' name, display name, and status, and Passwordstate’s instances, proxy server addresses, usernames, and passwords.
Passwordstate password table data including title, username, description, notes, URL, password and several generic fields were also reportedly jeopardized.
Advisory issued by Click Studios:
An advisory was issued by Passwordstate’s parent company Click Studios, and it stated that even though database strings and encryption keys were utilized to process the data, there is currently no evidence indicating that they were stolen.
In a recent advisory, Passwordstate stated that it is working in coordination with customers, identifying those who were affected and recommending the necessary recovery measures to them.
Affected users are recommended to download a hotfix file, use PowerShell to confirm the checksum of the hotfix, stop Passwordstate, extract the hotfix and then restart Passwordstate.
To further mitigate future risks, customers are being advised to reset all passwords contained within Passwordstate, including firewalls, virtual private networks, external websites, and internal infrastructure such as switches, storage systems, and local accounts.
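The hotfix steps described above (confirm the checksum, stop Passwordstate, extract, restart) can be scripted so that nothing on the server is touched unless the checksum matches. This is an added example, not code from Click Studios or from the advisory. The hash algorithm, the service name(s), the install directory and the assumption that the hotfix is a zip archive are all placeholders the operator supplies.

```powershell
# Added example: every name, path and the hash algorithm below is an assumption
# supplied by the caller; none of these values come from the advisory text.
[CmdletBinding()]
param(
    [Parameter(Mandatory)] [string]   $HotfixPath,    # downloaded hotfix archive (assumed .zip)
    [Parameter(Mandatory)] [string]   $ExpectedHash,  # checksum copied from the vendor advisory
    [Parameter(Mandatory)] [string[]] $ServiceName,   # service(s) to stop; site-specific placeholder
    [Parameter(Mandatory)] [string]   $InstallDir,    # extraction target; site-specific placeholder
    [ValidateSet('SHA256', 'SHA384', 'SHA512')]
    [string] $Algorithm = 'SHA256'                    # assumption: use whatever the advisory states
)

# Any failing step aborts the script instead of continuing with a half-applied fix.
$ErrorActionPreference = 'Stop'

# Step 1: confirm the checksum before anything on the server is changed.
# Take the expected value from the advisory itself, not from the location
# the file was downloaded from.
$actual   = (Get-FileHash -LiteralPath $HotfixPath -Algorithm $Algorithm).Hash
$expected = ($ExpectedHash -replace '\s', '').ToUpperInvariant()
if ($actual -ne $expected) {
    throw "Checksum mismatch for '$HotfixPath'. Expected $expected, got $actual. Hotfix not applied."
}
Write-Host "Checksum OK ($Algorithm): $actual"

# Step 2: stop Passwordstate so its files are not in use during extraction.
Stop-Service -Name $ServiceName

# Step 3: extract the verified hotfix over the installation directory.
# If this fails, the script stops here and the service stays down for inspection.
Expand-Archive -LiteralPath $HotfixPath -DestinationPath $InstallDir -Force

# Step 4: restart Passwordstate and show the resulting service state.
Start-Service -Name $ServiceName
Get-Service -Name $ServiceName | Format-Table -Property Name, Status
```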