Enterprise Password Manager Passwordstate Hacked in Supply Chain Attack

The News: Enterprise Password manager Passwordstate, an Australian-based enterprise password management app offered by Click Studios alerted customers late last week of a breach that the company said occurred between April 20 and 22nd.  Read the advisory from Click Studios here. Enterprise Password Manager Passwordstate Hacked in Supply Chain Attack Analyst Take:  The compromise of Click Studios’ enterprise password manager Passwordstate involved an automatically delivered in-place upgrade delivered to customers between April 20 and April 22. Hackers inserted a malicious file alongside regular Passwordstate updates, which made its way, largely by way of automatic, in-place updates, onto Passwordstate users’s computers. When customers performed the updates over the course of a two-day period, a potentially malicious fie was downloaded, which then set off a process that extracted a bunch of information. This included all data stored in Passwordstate (think URLs, usernames and passwords), and also included information about the computer system itself. Supply Chain Dangers and Why Your Password Management App is Targeted How does a password management app get breached? It’s not as rare as you might think, and Passwordstate isn’t the first password manage to be breached. While password managers can be an important tool for requiring that different passwords are employed by users, they also a represent danger because they can be a single point of failure, especially for enterprise users. What’s the possible damage? Passwordstate’s parent, Click Studios, claims a Fortune 500 customer base of 370,000 security and IT pros, and a smaller customer base of 29,000. Since IT pros manage credentials across the organization for devices and services, it’s impossible to know at this point what the damage is, even though the breach is claimed to have occurred only during a little more than a 24-hour period. This is an example of risk at the supply chain level. You can have all the best security practices and procedures at the enterprise level, but have a vendor that you rely on for something like password management services and just like that, you’re in trouble. And this is exactly why threat actors target various players in the supply chain. My colleague Fred McClimans and I covered the Passwordstate breach as part of our Cybersecurity Shorts edition of the Futurum Tech Webcast this last week.