Regular readers of this blog know the dangers involved with the use of password managers because I’ve written several posts pointing them out.
Well, the users of yet another password manager have had their passwords and other sensitive information stolen via a data breach.
Numerous tech websites, including the respected Duo Decipher security blog, are reporting that a breach of the “Passwordstate” password manager resulted in the “harvesting” of user data for a total of 28 hours between April 20 and April 22.
The seriousness of the breach is vividly explained in this quote from the Decipher post:
“An attacker last week compromised the update functionality for the Passwordstate enterprise password manager and inserted a malicious DLL into an update that enabled the attacker to harvest sensitive data, including usernames and passwords, from affected customers.
The malicious update was available to customers for about 28 hours between April 20 and April 22 and Click Studios, the company that makes Passwordstate, said any customer that performed an in-place upgrade of the software during that time is potentially affected.”
If you’re unfamiliar with Passwordstate, it happens to be one of the most-used password managers on the planet for large corporations.
This is how the company’s “About” page describes their list of customers:
“Click Studios Passwordstate is used by more than 29,000 Customers and 370,000 Security & IT Professionals globally, many being from Fortune 500 listed companies, spanning multiple industry verticals including Defence, Banking & Finance, Media and Entertainment, Space & Aviation, Education, Utilities, Retail, Mining, Automotive, Service Providers and IT Security Integrators.”
As you can see, this breach is pretty serious stuff.
If you’re interested, you’ll find lots more info by searching Google News for the term “passwordstate breach”.
I’ve said it before and I’ll say it again…
The use of a password manager puts your entire digital life at risk.
While breaches are indeed fairly rare, when they happen they cause unimaginable grief for the victims involved.
Bottom line: I strongly recommend that you ignore the sales pitches and take a pass on using a password manager.
What you really need to do is select strong passwords that are incredibly secure, yet easy to remember. This post explains how to do that.