Jump to content
  • Atlassian worker's credentials stolen to leak data

    aum

    • 466 views
    • 3 minutes
     Share


    • 466 views
    • 3 minutes

    Sensitive data belonging to Atlassian was leaked earlier on Telegram after a hacker used employee credentials in an act of identity theft to access a system belonging to a third-party vendor.

     

    As the media reported late last week, hackers from the SiegedSec threat actor group found the credentials belonging to an employee of the Australian-based collaboration software provider, Atlassian. They used those credentials to access Envoy, a third-party app that Atlassian uses for the coordination of in-office resources.

     

    As it turns out, they found the credentials after they were erroneously published on a public repository.

     

    Leaks on Telegram

     

    After gathering the data found in Envoy, they leaked it on Telegram:

     

    "We are leaking thousands of employee records as well as a few building floorplans. These employee records contain email addresses, phone numbers, names, and lots more~!"

     

    Not long after the breach, cybersecurity researchers from Check Point Software analyzed the stolen dataset and confirmed it held two floor maps for the Sydney and San Francisco offices. What’s more, SiegedSec leaked a JSON file with data on Atlassian employees. Customer data was not affected by this incident.

     

    Check Point then stated what was later confirmed by all parties: Atlassian’s systems weren’t directly breached, but the attackers rather accessed Envoy via stolen credentials.

     

    "On February 15, 2023 we learned that data from Envoy, a third-party app that Atlassian uses to coordinate in-office resources, was compromised and published. Atlassian product and customer data is not accessible via the Envoy app and therefore not at risk," Atlassian told the publication.

     

    "The safety of Atlassians is our priority, and we worked quickly to enhance physical security across our offices globally. We are actively investigating this incident and will continue to provide updates to employees as we learn more."

     

    Envoy also said its systems weren’t compromised.

     

    "We’re investigating this right now and are not aware of any compromise to our systems. Our initial research shows that a hacker gained access to an Atlassian employee's valid credentials to pivot and access the Atlassian employee directory and office floor plans held within Envoy’s app," the company told BleepingComputer.

     

    "Envoy, like Atlassian, takes the security and privacy of our customers’ data incredibly seriously and has stringent measures in place to protect it."

    “We can confirm Envoy’s systems were not compromised or breached and no other customer’s data was accessed,” the company later reiterated.

     

    Via: BleepingComputer

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...