An independent researcher recently identified a weakness in Password Manager web portal for Mac and communicated to Trend Micro under the principles of responsible disclosure.
With the researcher's assistance, the Password Manager team was able to quickly address the critical issues and has released an updated version of Password Manager at the end of May 2017 with further security enhancements.
Trend Micro has no evidence nor has received any reports or indication that any user's data, passwords or information has been compromised in any way. However, since there was a time period where this weakness was present before Trend Micro was made aware of it, we are recommending a proactive action for extra protection.
What exactly was the issue?
At this time, due to the nature of the vulnerability and the forthcoming release, we cannot go into depth as the nature or specifics of the reported vulnerability. However, we reiterate that Trend Micro has not received any reports of indication that the vulnerability was exploited at any time or that any user's information or data was compromised in any way.
Trend Micro takes security very seriously, which is why we want to ensure our customers have the best protection possible. If you have questions or need assistance changing your Master PIN, contact your authorized Trend Micro support representative.
What action should users take?
Trend Micro recommends that users reset their Password Manager Master PIN used to access the service. In addition, it is generally best practice to regularly change passwords for any online services so now is a good time to do so. Users should select passwords that are complex, yet memorable, using upper and lower case letters, numbers and special characters such as $%&!. They should NOT be based on dictionary words, important dates or other guessable information.