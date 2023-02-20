Atlassian confirmed that a hacker group managed to steal data from the company by using credentials for a third-party app.

Envoy and Atlassian security teams have been collaborating to identify the source of the data compromise.

The stolen data includes floorplans from the company’s multiple offices and employee information.

Atlassian confirmed that the company had suffered a data leak incident. According to the announcement, hackers used the credentials of an employee to steal data from a third-party vendor. A hacker group, known as SiegedSec, leaked the data on their Telegram group.

Late-valentine’s day hack

The hacker group shared the data with the title “Late-valentines day hack” and stated,

« THATS RIGHT FOLKS, SiegedSec is here to announce we have hacked the software company Atlassian,” a message posted with the files says. “This company worth $44 billion has been pwned by the furry hackers uwu. »

The data includes multiple floor plans from the company’s office buildings in San Francisco and Sydney along with 13,200 entries of current employees’ data, including names, email addresses, work departments, and other information. The company claims that product and customer data is not at risk currently.

The company also claimed that the initial review showed that the data was accessed from the Envoy app. Hackers used an Atlassian employee’s credentials, which were posted in a public repository by the employee as a mistake. An Envoy spokesperson stated that two companies are working togethers to be able to identify the source of the data leak. The spokesperson said,

« We found evidence in the logs of requests that confirms that hackers obtained valid user credentials from an Atlassian employee account and used that access to download the affected data from Envoy’s app. We can confirm Envoy’s systems were not compromised or breached and no other customer’s data was accessed. »