Australian software program big Atlassian and Envoy, a startup that gives office administration providers, have been at loggerheads on Thursday over an information breach that uncovered the info of 1000’s of Atlassian staff.
As first reported by Cyberscoop, a hacking group referred to as SiegedSec leaked information on Telegram this week that it claimed to have stolen from Atlassian. This information contains the names, e mail addresses, work departments, and cellphone numbers of roughly 13,200 Atlassian staff, together with flooring plans of Atlassian places of work positioned in San Francisco and Sydney, Australia.
“SiegedSec is right here to announce that now we have hacked the software program firm Atlassian,” SiegedSec stated in a Telegram message seen by TechCrunch. “This firm value $44 billion has been pwned by the furry hackers uwu.” SiegedSec made headlines final 12 months after it leaked eight gigabytes of information from the state governments of Kentucky and Arkansas, in protest on the states’ efforts to enact abortion bans following the Supreme Courtroom’s resolution to overturn Roe v. Wade.
Atlassian was fast to level the finger of blame for the breach at Envoy, which the Sydney-headquartered firm makes use of to prepare its workplace areas. “On February 15, 2023, we discovered that information from Envoy, a third-party app that Atlassian makes use of to coordinate in-office assets, was compromised and revealed,” Atlassian spokesperson Megan Sutton stated in an announcement shared with TechCrunch. “Atlassian product and buyer information is just not accessible by way of the Envoy app and due to this fact not in danger.”
Envoy, nonetheless, was simply as fast to rebuff Atlassian’s claims. Envoy spokesperson April Marks instructed TechCrunch that the startup is “not conscious of any compromise to our methods,” including that preliminary analysis had proven that “a hacker gained entry to an Atlassian worker’s legitimate credentials to pivot and entry the Atlassian worker listing and workplace flooring plans held inside Envoy’s app.” Envoy declined to supply proof of its claims or to reply particular questions.
Quickly after the startup’s denial, Atlassian modified its stance to align extra intently with Envoy. Atlassian’s Sutton instructed TechCrunch that the corporate’s inner investigation since revealed that attackers had really compromised Atlassian information from the Envoy app “utilizing an Atlassian worker’s credentials that had been mistakenly posted in a public repository by the worker.”
“As such, the hacking group had entry to information seen by way of the worker account which included the revealed workplace flooring plans and public Envoy profiles of different Atlassian staff and contractors,” Sutton added. “The compromised worker’s account was promptly disabled eliminating any additional menace to Atlassian’s Envoy information. Atlassian product and buyer information is just not accessible by way of the Envoy app and due to this fact not in danger.”
Whereas it seems that Envoy was not at fault for the Atlassian information breach, the office administration startup — which counts various big-name clients, together with Hulu, Pinterest, Slack, and Stripe — isn’t any stranger to safety incidents. In 2019, safety researchers at IBM uncovered two flaws in Envoy’s customer administration system that might have uncovered buyer information.
