A password manager used by several Dutch organisations concealed its Russian origins, according to an investigation by OCCRP, the international journalists’ collective, with Dutch partners Investico, De Groene Amsterdammer and NU.nl.
Passwork, which lets employees store company passwords in a digital vault, presents itself as a European firm based in Spain.
In reality, the researchers say, the software was developed in Russia in 2014, and a Russian sister company is certified by the FSB security service – a process requiring source code to be reviewed by state-approved auditors.
Novar, one of the largest builders of solar parks in the Netherlands, stopped using the software within a day of being informed by Investico and reported the matter to the National Cyber Security Centre. Regional broadcaster RTV Noord said it would carry on using it.
The journalists found no evidence that passwords were stolen or data compromised. Passwork’s chief executive denied any relationship with the Russian firm, saying the products merely share a common codebase origin.








