The firm claimed to have digital evidence that Australian company ClickStudios suffered a breach, sometime between April 20 and April 22, which resulted in the attacker dropping a corrupted update to its password manager Passwordstate.