Atlassian worker's credentials stolen to leak data
Date:
Mon, 20 Feb 2023 13:00:35 +0000
Description:
Investigation finds that someone posted employee credentials on a public repository by mistake.
FULL STORY ======================================================================
Sensitive data belonging to Atlassian was leaked earlier on Telegram after a hacker used employee credentials in an act of identity theft to access a system belonging to a third-party vendor.
As the media reported late last week, hackers from the SiegedSec threat actor group found the credentials belonging to an employee of the Australian-based collaboration software provider, Atlassian. They used those credentials to access Envoy, a third-party app that Atlassian uses for the coordination of in-office resources.
As it turns out, they found the credentials after they were erroneously published on a public repository. Leaks on Telegram
After gathering the data found in Envoy, they leaked it on Telegram:
"We are leaking thousands of employee records as well as a few building floorplans. These employee records contain email addresses, phone numbers, names, and lots more~!"
Not long after the breach, cybersecurity researchers from Check Point
Software analyzed the stolen dataset and confirmed it held two floor maps for the Sydney and San Francisco offices. Whats more, SiegedSec leaked a JSON
file with data on Atlassian employees. Customer data was not affected by this incident.
Check Point then stated what was later confirmed by all parties: Atlassians systems werent directly breached, but the attackers rather accessed Envoy via stolen credentials. Read more
Atlassian is being actively exploited to compromise corporate networks
Atlassian is suffering a whole bunch of awful security issues
These are the best firewalls right now
"On February 15, 2023 we learned that data from Envoy, a third-party app that Atlassian uses to coordinate in-office resources, was compromised and published. Atlassian product and customer data is not accessible via the
Envoy app and therefore not at risk," Atlassian told the publication.
"The safety of Atlassians is our priority, and we worked quickly to enhance physical security across our offices globally. We are actively investigating this incident and will continue to provide updates to employees as we learn more."
Envoy also said its systems werent compromised.
"Were investigating this right now and are not aware of any compromise to our systems. Our initial research shows that a hacker gained access to an Atlassian employee's valid credentials to pivot and access the Atlassian employee directory and office floor plans held within Envoys app," the
company told BleepingComputer.
"Envoy, like Atlassian, takes the security and privacy of our customers data incredibly seriously and has stringent measures in place to protect it."
We can confirm Envoys systems were not compromised or breached and no other customers data was accessed, the company later reiterated. Check out the best endpoint protection services right now
Via: BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/news/atlassian-workers-credentials-stolen-to-leak-da ta
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)