Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Hackers disclose Atlassian data after the theft of an employee’s credentials

Atlassian discloses a data leak that was caused by the theft of employee credentials which was used to steal data from a third-party vendor. A group of hackers called SiegedSec recently published on its Telegram channel a JSON file containing data belonging to thousands of Atlassian employees and floor plans for two of the company’s […]

Atlassian

Atlassian discloses a data leak that was caused by the theft of employee credentials which was used to steal data from a third-party vendor.

A group of hackers called SiegedSec recently published on its Telegram channel a JSON file containing data belonging to thousands of Atlassian employees and floor plans for two of the company’s offices.

Atlassian

“The employee file posted online Wednesday contains more than 13,200 entries and a cursory review of the file appears to show multiple current employees’ data, including names, email addresses, work departments and other information.” reported CyberScoop. “The floor plans are for one floor of the company’s San Francisco office and another for its Sydney, Australia, office.”

The threat actors used the stolen employee credentials to steal data from a third-party vendor. The company pointed out that the incident did not impacted network and customer information.

“THATS RIGHT FOLKS, SiegedSec is here to announce we have hacked the software company Atlassian. This company worth $44billion has been pwned by the furry hackers uwu. Who knew gay furries could do such a thing! Holy fucking bingle!” reads a message posted by the group on its Telegram channel. “We are leaking thousands of employee records as well as a few building floorplans. These employee records contain email addresses, phone numbers, names, and lots more~! (Atlassian claims to have 8k employees as of June 2022, however we have conflictingly found 13k employee records) “The story is ours and it is done by hackers!” SiegedSec would like to formally say thank you to Atlassian for providing us with this data <3 Happy late-Valentines day everyone, love from SiegedSec~”

The company confirmed the data leak and revealed that the exposed data was from third-party vendor Envoy, which is a startup that provides workplace management services to the Australian software giant.

“On February 15, 2023, we learned that data from Envoy, a third-party app that Atlassian uses to coordinate in-office resources, was compromised and published,” Atlassian spokesperson Megan Sutton told TechCrunch. “Atlassian product and customer data is not accessible via the Envoy app and therefore not at risk.”

On the other side, Envoy declared that they have not suffered a security breach and argued that the attackers have likely stolen the credentials from an Atlassian employee and then used them to access data used by the Envoy app.

“a hacker gained access to an Atlassian employee’s valid credentials to pivot and access the Atlassian employee directory and office floor plans held within Envoy’s app.” Envoy spokesperson April Marks told TechCrunch.

After the Envoy’s denial, Atlassian added that its internal investigation has revealed that attackers had actually compromised its data from the Envoy app “using an Atlassian employee’s credentials that had been mistakenly posted in a public repository by the employee.”

SiegedSec used employee’s credentials that had been mistakenly posted in a public repository by the employee.

“As such, the hacking group had access to data visible via the employee account which included the published office floor plans and public Envoy profiles of other Atlassian employees and contractors,” Sutton explained. “The compromised employee’s account was promptly disabled eliminating any further threat to Atlassian’s Envoy data. Atlassian product and customer data is not accessible via the Envoy app and therefore not at risk.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data leak)