Software giant Atlassian and workplace management services startup Envoy were recently seen in disagreement with each other as a result of a data breach that exposed the former's sensitive data to the public.
According to an initial report by cybersecurity news website Cyberscoop, a hacking group called SiegeSec recently leaked data that it claims to have stolen from Atlassian. Exposed data included names, email addresses, work departments and other information of about 13,200 employees. Floor plans for Atlassian's offices in Sydney and San Francisco were also included.
"THATS RIGHT FOLKS, SiegedSec is here to announce we have hacked the software company Atlassian," SiegeSec said in a message along with the exposed files."This company worth $44billion has been pwned by the furry hackers uwu."
The hacking group made headlines back in June of last year after it leaked internal files from the governments of Kentucky and Arkansas. The move was in response to the states’ efforts to enact abortion bans following the U.S. Supreme Court's decision to overturn Roe v. Wade.
After it learned of the breach, Atlassian blamed Envoy, which it uses to organize its office spaces. Its statement to Cyberscoop read:
"On February 15, 2023 we learned that data from Envoy, a third-party app that Atlassian uses to coordinate in-office resources, was compromised and published. Atlassian product and customer data is not accessible via the Envoy app and therefore not at risk. The safety of Atlassians is our priority, and we worked quickly to enhance physical security across our offices globally. We are actively investigating this incident and will continue to provide updates to employees as we learn more."
However, Envoy challenged Atlassian's claim in a statement to TechCrunch. According to Envoy spokesperson April Marks, the startup is not aware of any compromise to their systems, stating further that in their initial research, "a hacker gained access to an Atlassian employee’s valid credentials to pivot and access the Atlassian employee directory and office floor plans held within Envoy’s app." The company, however, did not provide any evidence to back up its claims.
After Envoy made its own statement, Atlassian changed its tone. Its spokesperson Megan Sutton now said that the threat actors had actually compromised Atlassian data through the Envoy app "using an Atlassian employee’s credentials that had been mistakenly posted in a public repository by the employee." She further expounded:
"As such, the hacking group had access to data visible via the employee account which included the published office floor plans and public Envoy profiles of other Atlassian employees and contractors. The compromised employee’s account was promptly disabled eliminating any further threat to Atlassian’s Envoy data. Atlassian product and customer data is not accessible via the Envoy app and therefore not at risk."
Atlassian is no stranger to security issues. Last year, the company disclosed a critical vulnerability in its Confluence Server and Data Center products that allowed cybercriminals to execute remote code on victims' systems. A month later, the company's Questions for Confluence app was found creating a default user with a hardcoded username and password.
Source: Cyberscoop via TechCrunch
3 Comments - Add comment