
Potential exploitation of Click Studios’ PasswordState software

On 24 April 2021, Australian software company Click Studios announced a compromise of the software update process for their enterprise password management software PasswordState, used by organisations in Australia and globally.

Alert status
HIGH

Background

The compromise of Click Studios’ software update process in April 2021 has resulted in some PasswordState users downloading malware through the software update function. If executed, the malware leads to the compromise of the customer’s PasswordState instance, gives the malicious actor access to all passwords stored in PasswordState, and creates the opportunity for follow-on malicious activity.

Additional Information

The ACSC is providing advice and assistance to Click Studios as they respond to this incident. Click Studios has produced publicly available incident management advisories for affected customers. Customers of Click Studios should follow the steps detailed in these advisories to understand whether they are affected. Click Studios will continue to update these advisories as required.

Assistance

The ACSC strongly recommends that Australian organisations affected by this compromise report the incident to the ACSC via ASD.Assist@defence.gov.au or 1300 CYBER 1. The ACSC continues to monitor the situation and is able to provide assistance and advice as required.