I came to know about the compromise of passwords of customers of Click Studios' Passwordstate. It was done by compromising the update mechanism of that software. More details here: https://arstechnica.com/gadgets/2021/04/hackers-backdoor-corporate-password-manager-and-steal-customer-data/
This is very concerning because an attack like that cannot be avoided (afaik) by use of any kind of end-to-end encryption, as the malicious update should have full access to decrypted data. I wanted to know if you would like to reassure your customers after going through what exactly happened with Passwordstate, and then outlining what steps you take to decrease susceptibility to such attacks.
It's also a concern because even companies like Microsoft and SolarWinds have been compromised recently with supply-chain attacks.