Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Atlassian HipChat group chat service hacked, change your password now!

Atlassian announced that unknown hackers broke into a cloud server of the company and accessed a huge amount of data of its group chat service HipChat. On Monday, Atlassian reset user passwords for its group chat service HipChat after it notified its customers of a data breach.  Unknown hackers broke into a cloud server of […]

Atlassian HipChat group chat service

Atlassian announced that unknown hackers broke into a cloud server of the company and accessed a huge amount of data of its group chat service HipChat.

On Monday, Atlassian reset user passwords for its group chat service HipChat after it notified its customers of a data breach.  Unknown hackers broke into a cloud server of the company and stole a huge amount of data, including group chat logs.

According to Atlassian, attackers exploited a vulnerability in a “popular third-party” software library used by its HipChat.com service, the company did not reveal the name of the library.

“This weekend our Security Intelligence Team detected a security incident affecting a server in the HipChat Cloud web tier. The incident involved a vulnerability in a popular third-party library used by HipChat.com. We have found no evidence of other Atlassian systems or products being affected.” reads the security notice published by Atlassian.

“As a precaution, we have invalidated passwords on all HipChat-connected user accounts and sent those users instructions on how to reset their password.”

Atlassian HipChat group chat service

Hackers accessed user account data, including names, hashed passwords, and email addresses, according to the company, no financial data has been exposed.

According to the company, hackers may have stolen metadata from HipChat “rooms” or groups, this information could be used to extract information that’s not intended to be public.

Attackers may also have stolen messages and content in chat rooms for about 0.05 percent of the instances.

“For the vast majority of instances (more than 99.95%), we have found no evidence that messages or content in rooms have been accessed.” continues the data breach notification.

The company excluded that other systems of products (i.e. Jira, Confluence, or Trello) have been affected.

The good news for the users is that hacked service uses the bcrypt cryptographic algorithm for password hashing, and this system is hard to crack.

The company is already working to fix the security vulnerability in the third-party library exploited by hackers, it is preparing an update for HipChat Server that will be shared with customers directly through the standard update channel.

Atlassian has also isolated the affected systems while actively working with law enforcement on the investigation of this hack.

If you are a HipChat user, change your password and be vigilant of Phishing messages.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – HipChat , data breach)

[adrotate banner=”13″]