Hackers disclose Atlassian data after the theft of an employee’s credentials

Atlassian discloses a data leak caused by the theft of employee credentials, which were used to steal data from a third-party vendor.

A group of hackers called SiegedSec recently published on its Telegram channel a JSON file containing data belonging to thousands of Atlassian employees and floor plans for two of the company’s offices.

“The employee file posted online Wednesday contains more than 13,200 entries and a cursory review of the file appears to show multiple current employees’ data, including names, email addresses, work departments and other information.” reported CyberScoop. “The floor plans are for one floor of the company’s San Francisco office and another for its Sydney, Australia, office.”

The threat actors used the stolen employee credentials to steal data from a third-party vendor. The company pointed out that the incident did not impact its network and customer information.

“THATS RIGHT FOLKS, SiegedSec is here to announce we have hacked the software company Atlassian. This company worth $44billion has been pwned by the furry hackers uwu. Who knew gay furries could do such a thing! Holy fucking bingle!” reads a message posted by the group on its Telegram channel. “We are leaking thousands of employee records as well as a few building floorplans. These employee records contain email addresses, phone numbers, names, and lots more~! (Atlassian claims to have 8k employees as of June 2022, however we have conflictingly found 13k employee records) “The story is ours and it is done by hackers!” SiegedSec would like to formally say thank you to Atlassian for providing us with this data <3 Happy late-Valentines day everyone, love from SiegedSec~”

The company confirmed the data leak and revealed that the exposed data was from third-party vendor Envoy, which is a startup that provides workplace management services to the Australian software giant.

“On February 15, 2023, we learned that data from Envoy, a third-party app that Atlassian uses to coordinate in-office resources, was compromised and published,” Atlassian spokesperson Megan Sutton told TechCrunch. “Atlassian product and customer data is not accessible via the Envoy app and therefore not at risk.”

For its part, Envoy declared that it had not suffered a security breach and argued that the attackers had likely stolen the credentials from an Atlassian employee and then used them to access data used by the Envoy app.

“a hacker gained access to an Atlassian employee’s valid credentials to pivot and access the Atlassian employee directory and office floor plans held within Envoy’s app.” Envoy spokesperson April Marks told TechCrunch.

After Envoy’s denial, Atlassian added that its internal investigation had revealed that the attackers had actually compromised its data from the Envoy app “using an Atlassian employee’s credentials that had been mistakenly posted in a public repository by the employee.”

SiegedSec used an employee’s credentials that had been mistakenly posted in a public repository by the employee.

“As such, the hacking group had access to data visible via the employee account which included the published office floor plans and public Envoy profiles of other Atlassian employees and contractors,” Sutton explained. “The compromised employee’s account was promptly disabled eliminating any further threat to Atlassian’s Envoy data. Atlassian product and customer data is not accessible via the Envoy app and therefore not at risk.”

Pierluigi Paganini

(SecurityAffairs – hacking, data leak)
