Australian software company behind Passwordstate password management application notified customers to reset passwords. The company said a bad actor used sophisticated techniques to compromise the software’s update mechanism. The breach is said to have occurred between April 20, 8:33 PM UTC, and April 22, 0:30 AM UTC, for a total period of about 28 hours. It’s not immediately clear who the attackers are or how they compromised the password manager’s update feature. The number of affected customers appears to be “very low,” the company said.
Source: https://thehackernews.com/2021/04/passwordstate-password-manager-update.html