Click Studios

Click Studios, headquartered in Australia, is the developer of Passwordstate, a corporate password manager designed for enterprise environments. The product focuses on the secure storage, retrieval, and sharing of privileged credentials such as those used for firewalls, VPNs, and servers. It is marketed to organisations that require centralised control over access to sensitive systems.

In April 2021 a supply‑chain attack compromised the update mechanism of Passwordstate, resulting in up to 29,000 enterprise users worldwide downloading a malicious file that posed as a legitimate upgrade. This incident demonstrates that Click Studios serves a substantial global customer base across multiple industries and regions. The malicious payload was designed to harvest system information and exfiltrate credentials to attacker‑controlled infrastructure. The scale of the affected user base provides an explicit indication of the company's reach.

Click Studios’ distinguishing attribute lies in its specialisation in enterprise‑grade password management, particularly for privileged access credentials. The targeting of its update channel in the 2021 attack highlights the company’s position as a node in software supply chains that attackers seek to exploit. Consequently, Passwordstate is recognised for its role in protecting critical infrastructure credentials, a focus that differentiates it from generic password‑management tools.