02/17/23: Story and title updated to reflect new statements from both companies.

Atlassian suffered a data breach after hackers used stolen employee credentials to steal data from a third-party vendor. However, the company says its network and customer information is secure.

As first reported by CyberScoop, a hacking group known as SiegedSec leaked data on Telegram yesterday, claiming it was stolen from Atlassian, an Australia-based collaboration software company.

“We are releasing thousands of employee records along with a few floor plans of buildings. These employee records contain email addresses, phone numbers, names, and much more~!” said the SiegedSec hackers.

SiegedSec post on Telegram
Source: BleepingComputer

Shortly after the leak, Check Point Software told BleepingComputer that they had analyzed the leaked data and that it contained two floor plans for the Sydney and San Francisco offices and a JSON file containing employee information.

“Based on initial analysis, we suspect the group did not hack Atlassian directly, but a third-party vendor named https://envoy.com/,” Check Point Software told BleepingComputer.

Atlassian confirmed to BleepingComputer that the compromised data came from Envoy, a third-party provider it uses for internal functions.

“On February 15, 2023, we learned that data from Envoy, a third-party application Atlassian uses to coordinate internal resources, was compromised and released. Atlassian product and customer data is not accessible through the Envoy app and is therefore not at risk,” Atlassian told BleepingComputer.

“The security of Atlassians is our priority, and we have worked quickly to improve physical security in our offices globally. We are actively investigating this incident and will continue to provide updates to employees as we learn more.”

However, Envoy says they are unaware of any breach on their end and believe that an Atlassian employee’s credentials were stolen, allowing the threat actor to access the data inside the Envoy app.

“We are currently investigating this issue and are not aware of any compromises to our systems. Our initial investigations show that a hacker gained access to an Atlassian employee’s valid credentials to pivot and gain access to the Atlassian employee directory and office floor plans contained within the Envoy app,” Envoy told BleepingComputer.

“Envoy, like Atlassian, takes the security and privacy of our customers’ data extremely seriously and has strong measures in place to protect it.”

Update 02/17/23:

In a new statement from Envoy, the company says its systems were not hacked, but an Atlassian employee’s credentials were stolen, allowing threat actors to access the data stored in the Envoy app.

“The Envoy and Atlassian security teams worked together to identify the source of the data compromise. We found evidence in request logs that confirms the attackers obtained valid user credentials from an Atlassian employee account and used that access to download the affected data from Envoy’s app,” Envoy told BleepingComputer.

“We can confirm that Envoy’s systems were not compromised or hacked and that no other customer data was accessed.”

Atlassian told BleepingComputer that an employee’s credentials were mistakenly published in a public repository, allowing threat actors to use them to steal company data in the Envoy app.

“Our Security Intelligence team has worked closely with Envoy over the past 48 hours to explore all possible modes of entry. Late last night US time, Security Intelligence released their findings and we have been able to say with certainty how our Envoy data was compromised,” an Atlassian spokesperson told BleepingComputer in an updated statement.

“We have learned that the hacking group compromised Atlassian data from the Envoy app using an Atlassian employee’s credentials that were mistakenly posted to a public repository by the employee. As such, the hacking group had access to visible data through the employee’s account which included the office floor plans and public Envoy profiles of other Atlassian employees and contractors.”

“The compromised employee’s account was quickly disabled early in the investigation, which proved effective in eliminating any further threats to Atlassian’s Envoy data. Atlassian’s product and customer data cannot be accessed through the Envoy app and are therefore not at risk.”

Update 2/16/23 4:35 PM ET: Added Envoy statement
Update 2/17/23: 9:45 PM ET: Story updated to reflect new statements from Envoy and Atlassian.
Update 2/17/23: 1:45 PM ET: added additional statement from Atlassian


