Security News > 2021 > April > Passwordstate Users Told to Reset All Passwords Following Cyberattack
Australian software developer Click Studios on Saturday urged Passwordstate customers to reset all of their passwords if they downloaded a poisoned update using the software's In-Place Upgrade functionality.
"Only customers that performed In-Place Upgrades between the times stated above are believed to be affected. Manual Upgrades of Passwordstate are not compromised. Affected customers password records may have been harvested," Click Studios says.
Affected customers of the enterprise password manager might have downloaded a malformed update package that contained a modified moserware.
The malicious process gathers a great deal of data from Passwordstate, including URLs, usernames, passwords, notes, and other information stored in the application.
Affected customers are also advised to reset all of the passwords stored in Passwordstate, as they might have been exfiltrated by the attackers.
Click Studios says that the number of affected users appears to be low and that it has contacted active customers to inform them of the incident.