Credentials of Atlassian workers were reportedly stolen in a bid to leak data. The company says that sensitive data was taken, but affirmed that customers are safe.
Credentials of Atlassian Workers Reportedly Stolen
Sensitive data that is belonging to Atlassian earlier was leaked on telegram after a hacker made use of employee credentials in an act of identity theft in getting access to a system belonging to a third-party vendor.
And as the media had reported last week, hackers from the SiegedSec threat actor group found the credentials belonging to an Atlassian employee, an Australian-based collaboration software provider. They made use of the credentials to get access to Envoy, a third-party app that Atlassian uses for the coordination of in-office resources. And as it turned out, they found the credentials after they reportedly published erroneously on a public repository.
The Stolen Data Was Leaked On Telegram
The hackers after gathering all the data that they found in Envoy, proceeded to leak it on telegram.
“We are leaking thousands of employee records as well as a few building floorplans. These employee records contain email addresses, phone numbers, names, and lots more~!”
Cybersecurity researchers from Check Point Software not long after the reported breach analyzed the stolen dataset and then confirmed that it held two-floor maps for the offices based out in Sydney and San Francisco. What’s more during the attack, SiegedSec leaked a JSON file with data on employees of Atlassian. Customer data however was not affected by this very incident.
Check Point stated what was confirmed later by all parties involved: Alassian’s systems were not breached directly, but rather, the attackers accessed Envoy through stolen credentials.
Atlassian’s Reaction to the Hack
“On February 15, 2023 we learned that data from Envoy, a third-party app that Atlassian uses to coordinate in-office resources, was compromised and published. Atlassian product and customer data is not accessible via the Envoy app and therefore not at risk,” revealed to the publication.
“The safety of Atlassians is our priority, and we worked quickly to enhance physical security across our offices globally. We are actively investigating this incident and will continue to provide updates to employees as we learn more.”
Envoy’s System Was Not Compromised during the Hack
Envoy also stated that its systems were not compromised.
“We’re investigating this right now and are not aware of any compromise to our systems. Our initial research shows that a hacker gained access to an Atlassian employee’s valid credentials to pivot and access the Atlassian employee directory and office floor plans held within Envoy’s app,” the company revealed to the BleepingComputer.
“Envoy, like Atlassian, takes the security and privacy of our customers’ data incredibly seriously and has stringent measures in place to protect it.”
“We can confirm Envoy’s systems were not compromised or breached and no other customer’s data was accessed,” the company reiterated later.