Delicate knowledge belonging to Atlassian was leaked earlier on Telegram after a hacker used worker credentials in an act of id theft to entry a system belonging to a third-party vendor.

Because the media reported late final week, hackers from the SiegedSec menace actor group discovered the credentials belonging to an worker of the Australian-based collaboration software program supplier, Atlassian. They used these credentials to entry Envoy, a third-party app that Atlassian makes use of for the coordination of in-office sources.

Because it seems, they discovered the credentials after they had been erroneously printed on a public repository.

Leaks on Telegram

After gathering the info present in Envoy, they leaked it on Telegram:

“We’re leaking 1000’s of worker information in addition to a number of constructing floorplans. These worker information comprise electronic mail addresses, telephone numbers, names, and plenty extra~!”

Not lengthy after the breach, cybersecurity researchers from Test Level Software program analyzed the stolen dataset and confirmed it held two ground maps for the Sydney and San Francisco places of work. What’s extra, SiegedSec leaked a JSON file with knowledge on Atlassian workers. Buyer knowledge (opens in new tab) was not affected by this incident.

Test Level then acknowledged what was later confirmed by all events: Atlassian’s methods weren’t immediately breached, however the attackers slightly accessed Envoy by way of stolen credentials. 

“On February 15, 2023 we discovered that knowledge from Envoy, a third-party app that Atlassian makes use of to coordinate in-office sources, was compromised and printed. Atlassian product and buyer knowledge is just not accessible by way of the Envoy app and subsequently not in danger,” Atlassian advised the publication.

“The security of Atlassians is our precedence, and we labored rapidly to reinforce bodily safety throughout our places of work globally. We’re actively investigating this incident and can proceed to supply updates to workers as we study extra.”

Envoy additionally mentioned its methods weren’t compromised.

“We’re investigating this proper now and will not be conscious of any compromise to our methods. Our preliminary analysis reveals {that a} hacker gained entry to an Atlassian worker’s legitimate credentials to pivot and entry the Atlassian worker listing and workplace ground plans held inside Envoy’s app,” the corporate advised BleepingComputer.

“Envoy, like Atlassian, takes the safety and privateness of our prospects’ knowledge extremely critically and has stringent measures in place to guard it.”

“We will verify Envoy’s methods weren’t compromised or breached and no different buyer’s knowledge was accessed,” the corporate later reiterated.

• Take a look at the perfect endpoint safety (opens in new tab) providers proper now

By way of: BleepingComputer (opens in new tab)