Security News > 2021 > April > Passwordstate Password Manager Update Hijacked to Install Backdoor on Thousands of PCs
Click Studios, the Australian software company behind the Passwordstate password management application, has notified customers to reset their passwords following a supply chain attack.
"Manual Upgrades of Passwordstate are not compromised. Affected customers password records may have been harvested."
It's not immediately clear who the attackers are or how they compromised the password manager's update feature.
Passwordstate is an on-premise web-based solution used for enterprise password management, enabling businesses to securely store passwords, integrate the solution into their applications, and reset passwords across a range of systems, among others.
Click Studios said the server was taken down as of April 22 at 7:00 AM UTC. The full list of compromised information includes computer name, user name, domain name, current process name, current process id, names and IDs of all running processes, names of all running services, display name and status, Passwordstate instance's Proxy Server Address, usernames and passwords.
In December 2020, a rogue update to the SolarWinds Orion network management software installed a backdoor on the networks of up to 18,000 customers.