Atlassian worker’s credentials stolen to leak data

Sensitive data was taken, but customers are safe, the company says

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Sensitive data belonging to Atlassian was leaked earlier on Telegram after a hacker used employee credentials in an act ofidentity theftto access a system belonging to a third-party vendor.

As the media reported late last week, hackers from the SiegedSec threat actor group found the credentials belonging to an employee of the Australian-based collaboration software provider, Atlassian. They used those credentials to access Envoy, a third-party app that Atlassian uses for the coordination of in-office resources.

As it turns out, they found the credentials after they were erroneously published on a public repository.

Leaks on Telegram

After gathering the data found in Envoy, they leaked it on Telegram:

“We are leaking thousands of employee records as well as a few building floorplans. These employee records contain email addresses, phone numbers, names, and lots more~!”

Not long after the breach, cybersecurity researchers from Check Point Software analyzed the stolen dataset and confirmed it held two floor maps for the Sydney and San Francisco offices. What’s more, SiegedSec leaked a JSON file with data on Atlassian employees.Customer datawas not affected by this incident.

Check Point then stated what was later confirmed by all parties: Atlassian’s systems weren’t directly breached, but the attackers rather accessed Envoy via stolen credentials.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Atlassian is being actively exploited to compromise corporate networks>Atlassian is suffering a whole bunch of awful security issues>These are the best firewalls right now

“On February 15, 2023 we learned that data from Envoy, a third-party app that Atlassian uses to coordinate in-office resources, was compromised and published. Atlassian product and customer data is not accessible via the Envoy app and therefore not at risk,” Atlassian told the publication.

“The safety of Atlassians is our priority, and we worked quickly to enhance physical security across our offices globally. We are actively investigating this incident and will continue to provide updates to employees as we learn more.”

Envoy also said its systems weren’t compromised.

“We’re investigating this right now and are not aware of any compromise to our systems. Our initial research shows that a hacker gained access to an Atlassian employee’s valid credentials to pivot and access the Atlassian employee directory and office floor plans held within Envoy’s app,” the company told BleepingComputer.

“Envoy, like Atlassian, takes the security and privacy of our customers’ data incredibly seriously and has stringent measures in place to protect it.”

“We can confirm Envoy’s systems were not compromised or breached and no other customer’s data was accessed,” the company later reiterated.

Via:BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new malware utilizes a rare programming language to evade traditional detection methods

A new form of macOS malware is being used by devious North Korean hackers

Arcane season 2 confirms the hit series isn’t just one of the best Netflix shows ever made – it’s an animated legend that’ll stand the test of time