Atlassian has confirmed {that a} breach at a third-party vendor precipitated a current leak of firm information and that their community and buyer info is safe.

As first reported by Cyberscoop, a hacking group often known as SiegedSec leaked information on Telegram yesterday, claiming to be stolen from Atlassian, a collaboration software program firm primarily based out of Australia.

“We’re leaking hundreds of worker data in addition to a number of constructing floorplans. These worker data include e-mail addresses, cellphone numbers, names, and plenty extra~!,” mentioned the SiegedSec hackers.

Quickly after the leak, Verify Level Software program advised BleepingComputer that they analyzed the leaked information and that it contained two ground maps for the Sydney and San Francisco workplaces and a JSON file containing details about staff.

“From the preliminary evaluation, we suspect the group didn’t hack to Atlassian immediately however into a third social gathering supplier named https://envoy.com/,” Verify Level Software program advised BleepingComputer.

At this time, Atlassian confirmed to BleepingComputer that the info breach was attributable to a breach of their third-party vendor Envoy which they use for in-office capabilities.

“On February 15, 2023 we discovered that information from Envoy, a third-party app that Atlassian makes use of to coordinate in-office sources, was compromised and printed. Atlassian product and buyer information will not be accessible by way of the Envoy app and subsequently not in danger,” Atlassian advised BleepingComputer.

“The security of Atlassians is our precedence, and we labored rapidly to boost bodily safety throughout our workplaces globally. We’re actively investigating this incident and can proceed to supply updates to staff as we study extra.”

Nonetheless, Envoy says that they aren’t conscious of a breach on their facet and believes that an Atlassian worker’s credentials have been stolen, permitting the risk actor entry to the info contained in the Envoy app.

“We’re investigating this proper now and usually are not conscious of any compromise to our techniques. Our preliminary analysis reveals {that a} hacker gained entry to an Atlassian worker’s legitimate credentials to pivot and entry the Atlassian worker listing and workplace ground plans held inside Envoy’s app,” Envoy advised BleepingComputer.

“Envoy, like Atlassian, takes the safety and privateness of our clients’ information extremely severely and has stringent measures in place to guard it.”

Replace 2/16/23 4:35 PM ET: Added Envoy assertion