Atlassian data leak attributed to stolen employee credentials

2/17/23: Story and title updated to reflect new statements from both companies.

Atlassian suffered a data leak after threat actors used stolen employee credentials to steal data from a third-party vendor. However, the company says its network and customer information are secure.

As first reported by Cyberscoop, a hacking group known as SiegedSec leaked data on Telegram yesterday, claiming it was stolen from Atlassian, a collaboration software company based out of Australia.

“We’re leaking thousands of employee records as well as a few building floorplans. These employee records contain email addresses, phone numbers, names, and much more~!,” said the SiegedSec hackers.

[Image: SiegedSec post on Telegram. Source: BleepingComputer]

Soon after the leak, Check Point Software told BleepingComputer that they analyzed the leaked data and that it contained two floor maps for the Sydney and San Francisco offices and a JSON file containing information about employees.

“From the initial analysis, we suspect the group didn’t hack into Atlassian directly but into a third-party provider named https://envoy.com/,” Check Point Software told BleepingComputer.

Atlassian confirmed to BleepingComputer that the compromised data was from third-party vendor Envoy, which they use for in-office functions.

“On February 15, 2023 we learned that data from Envoy, a third-party app that Atlassian uses to coordinate in-office resources, was compromised and published. Atlassian product and customer data is not accessible via the Envoy app and therefore not at risk,” Atlassian told BleepingComputer.

“The safety of Atlassians is our priority, and we worked quickly to enhance physical security across our offices globally. We’re actively investigating this incident and will continue to provide updates to employees as we learn more.”

However, Envoy says that they are not aware of a breach on their side and believes that an Atlassian employee’s credentials were stolen, allowing the threat actor access to the data contained in the Envoy app.

“We’re investigating this right now and are not aware of any compromise to our systems. Our initial research shows that a hacker gained access to an Atlassian employee’s valid credentials to pivot and access the Atlassian employee directory and office floor plans held within Envoy’s app,” Envoy told BleepingComputer.

“Envoy, like Atlassian, takes the security and privacy of our customers’ data extremely seriously and has stringent measures in place to protect it.”

Update 2/17/23:

In a new statement from Envoy, the company states that its systems were not breached, but rather an Atlassian employee’s credentials were stolen, allowing the threat actors to gain access to data stored in the Envoy app.

“Both Envoy and Atlassian security teams have been collaborating to identify the source of the data compromise. We found evidence in the logs of requests that confirms the hackers obtained valid user credentials from an Atlassian employee account and used that access to download the affected data from Envoy’s app,” Envoy told BleepingComputer.

“We can confirm Envoy’s systems were not compromised or breached and no other customer’s data was accessed.”

Atlassian has told BleepingComputer that an employee’s credentials were mistakenly published to a public repository, allowing the threat actors to use them to steal the company’s data within the Envoy app.

“Our security intelligence team worked closely with Envoy over the past 48 hours to explore all possible modes of entry. Late yesterday evening U.S. time, security intelligence released their findings and can say with certainty how our Envoy data had been compromised,” an Atlassian spokesperson told BleepingComputer in an updated statement.

“We learned the hacking group compromised Atlassian data from the Envoy app using an Atlassian employee’s credentials that had been mistakenly posted in a public repository by the employee. As such, the hacking group had access to data visible via the employee account which included the published office floor plans and public Envoy profiles of other Atlassian employees and contractors.”

“The compromised employee’s account was promptly disabled early in the investigation which was proven effective in eliminating any further threat to Atlassian’s Envoy data. Atlassian product and customer data is not accessible via the Envoy app and therefore not at risk.”

Update 2/16/23 4:35 PM ET: Added Envoy statement
Update 2/17/23: 9:45 PM ET: Updated story to reflect new statements from Envoy and Atlassian.
Update 2/17/23: 1:45 PM ET: Added additional statement from Atlassian
