Sensitive data belonging to Atlassian was leaked earlier on Telegram after a hacker used employee credentials in an act of identity theft to access a system belonging to a third-party vendor.
As the media reported late last week, hackers from the SiegedSec threat actor group found the credentials belonging to an employee of the Australian-based collaboration software provider, Atlassian. They used these credentials to access Envoy, a third-party app that Atlassian uses for the coordination of in-office resources.
As it turns out, they found the credentials after they were mistakenly published on a public repository.
Leaks on Telegram
After gathering the data found in Envoy, they leaked it on Telegram:
“We’re leaking thousands of employee records as well as a few building floorplans. These employee records contain email addresses, cellphone numbers, names, and much more~!”
Not long after the breach, cybersecurity researchers from Check Point Software analyzed the stolen dataset and confirmed it held two floor maps for the Sydney and San Francisco offices. What’s more, SiegedSec leaked a JSON file with information on Atlassian employees. Customer data was not affected by this incident.
Check Point then stated what was later confirmed by all parties: Atlassian’s systems weren’t directly breached; rather, the attackers accessed Envoy via stolen credentials.
“On February 15, 2023 we learned that data from Envoy, a third-party app that Atlassian uses to coordinate in-office resources, was compromised and published. Atlassian product and customer data isn’t accessible via the Envoy app and therefore not at risk,” Atlassian told the publication.
“The safety of Atlassians is our priority, and we worked quickly to enhance physical security across our offices globally. We’re actively investigating this incident and will continue to provide updates to employees as we learn more.”
Envoy also said its systems weren’t compromised.
“We’re investigating this right now and are not aware of any compromise to our systems. Our initial research shows that a hacker gained access to an Atlassian employee’s valid credentials to pivot and access the Atlassian employee directory and office floor plans held within Envoy’s app,” the company told BleepingComputer.
“Envoy, like Atlassian, takes the security and privacy of our customers’ data extremely seriously and has stringent measures in place to protect it.”
“We can confirm Envoy’s systems weren’t compromised or breached and no other customer’s data was accessed,” the company later reiterated.
Via: BleepingComputer