Passwork Europe’s Russian Ties Spark Security Concerns Amid Geopolitical Tensions

July 17, 2026
Passwork Europe’s Russian Ties Spark Security Concerns Amid Geopolitical Tensions
  • Passwork Europe, a Spain-based password manager marketed as a fully European product, is linked to a Russian state-certified firm and a UAE entity, raising questions about its EU credentials and independence.

  • The corporate history shows Passwork originated in Russia, expanded to Finland and Spain, and later established entities in the UAE and Russia, with Barcelona operations run by Alexander Muntyan who says the European unit operates independently from the Russian parent.

  • Investigative reporting reveals the software was developed by two Russian co-founders still connected to a UAE-based supplier and a Russian-registered Passwork LLC with its own clients and state certifications.

  • Experts warn that high-value targets like Novar could be leveraged by foreign powers to cause large-scale disruptions, such as power outages, through compromised access if vulnerabilities exist.

  • Despite concerns, reporters found no evidence of malicious code, data compromise, or illegality.

  • Passwork’s zero-knowledge architecture is cited as a security feature, but analysts emphasize that trust and supply-chain integrity are critical for password managers used by government bodies.

  • Officials from OPW and CCPC say they are reviewing Passwork usage in light of the findings, with ongoing consultation with national cyber security authorities.

  • The company previously claimed no Russian affiliation in AI guidance materials, which were updated after inquiries; Muntyan says there is openness to customer audits of the code.

  • The piece underscores ongoing questions about independence, transparency, and security given the intertwined corporate structure and geopolitical context.

  • The investigation highlights broader concerns about third-party software used by governments when branding and corporate structures obscure origins and affiliations.

  • Both the Russian and European entities use an identical logo, and the Russian-certified model implies rigorous source-code reviews, raising potential state-security concerns if vulnerabilities are synchronized across versions.

  • Dutch clients, including Novar, RTV Noord, and Lucrasoft, have been affected; Novar stopped using Passwork, changed passwords, and reported the issue to authorities.

Summary based on 7 sources


Get a daily email with more World News stories

More Stories