An anonymous reader shares a report: It has been over three months since Click Studios, the Australian software house behind the enterprise password manager Passwordstate, warned its customers to “commence resetting all passwords.” The company was hit by a supply chain attack that sought to steal the passwords from customer servers around the world. But customers tell TechCrunch that they are still without answers about the attack. Several customers say they were met with silence from Click Studios, while others were asked to sign strict secrecy agreements when they asked for assurances about the security of the software. One IT executive whose company was compromised by the attack said they felt “abandoned” by the software maker in the wake of the attack.
Passwordstate is a standalone web server that enterprise companies can use to store and share passwords and secrets for their organizations, like keys for cloud systems and databases that store sensitive customer data, or “break glass” accounts that grant emergency access to the network. Click Studios says it has 29,000 customers using Passwordstate, including banks, universities, consultants, tech companies, defense contractors and U.S. and Australian government agencies, according to public records seen by TechCrunch.
Read more of this story at Slashdot.