The Click Studios' Passwordstate user interface (Source: Click Studios)
Attackers implanted malware into Click Studios' Passwordstate password manager update process, potentially exposing 29,000 users to exfiltration of passwords and other data, the company reports.
In an incident management advisory issued Saturday, Australia-based Click Studios says any customer that performed an "in place upgrade" for its password manager software between 8:33 p.m. UTC April 20 and 12:30 a.m. UTC April 22 may have downloaded the malware. The company, however, says those who upgraded outside this time frame should be safe from malware infection.
"Affected customers' password records may have been harvested," the company says.