iTWire Friday, 30 April 2021 10:34 Password firm blames customers for posting advisories on social media
Shares Image by WAQAR AHMAD from Pixabay
The Australian company behind a password manager that was subjected to a supply chain attack is blaming customers who post its advisories about the attack on social media, claiming this may lead to related attacks.
Adelaide-based
an advisory posted on Wednesday: The number of affected customers is still very low. Only customers that performed In-Place Upgrades between the times stated above are believed to be affected. Customers are requested not to post Click Studios correspondence on Social Media. It is expected that the bad actor is actively monitoring Social Media, looking for information they can use to their advantage, for related attacks.
A sign is posted on the exterior of Twitter headquarters in San Francisco, California. The company warned developers that a bug may have exposed their APIs and tokens. (Justin Sullivan/Getty Images)
Australian password security company Click Studios said it believes only a small fraction of its 29,000 customers were affected by a breach caused by a corrupted update containing malicious code. Meanwhile, customers posting correspondence from the company on social media may be unwittingly feeding into new phishing schemes.
In a new advisory posted on their website, Click Studios provided an update on their investigation into the breach, which took place between 8:33 p.m. Universal Coordinated Time on April 20 and 12:30 a.m. UCT April 23. Any customer that updated their PasswordState tool during that time frame could have been compromised.