Atlassian resets HipChat passwords after 'suspicious' activity

[steven36]

Atlassian has reset the passwords for some users of its HipChat messaging application after personal data and email addresses were accessed, the company said Saturday.

The “suspicious” activity caused names, usernames, email addresses and encrypted passwords to be exposed for less than 2 percent of HipChat users, wrote Craig Davies, Atlassian’s security head. Affected users are being contacted.

No payment information was accessed, he wrote. Davies did not specify when the breach occurred or when Atlassian discovered it.

HipChat is an audio, video and text messaging application designed for group collaboration within enterprises. Atlassian, which makes software development and collaboration tools, acquired HipChat in March 2012.

Davies wrote that Atlassian was also triggering a password reset for other Atlassian services that shared the same email addresses as the affected HipChat accounts.

The leaked encrypted passwords were hashed. Hashing creates a representation of a plain-text password after running it through an algorithm. That is considered the safest way to handle passwords, as it is difficult for hackers to convert a hash created with a strong algorithm into its original password. The passwords were also “salted,” an additional security measure.

Davies wrote Atlassian is “constantly enhancing the security of our service infrastructure to keep you and your data safe.”

“While recent events with other large services have demonstrated this type of activity is increasing, so too is our vigilance in blocking and addressing it,” he wrote.

Source