Australian company ClickStudios has warned users of its enterprise password manager Passwordstate that a supply chain attack may have led to its customer password records being harvested.
The company on Sunday revealed the attack and said any user who had upgraded between 8:33pm on April 20 and 0:30am on April 22 could be at risk.
It added that an in-place upgrade utility had been compromised and was in that state for about 28 hours.
The Adelaide-based company claimed Passwordstate is used by more than 29,000 customers and 370,000 security and IT professionals globally, many of them from Fortune-500 listed companies.
It said that its in-place upgrade utility had been compromised and was in that state for about 28 hours over the weekend.
