Sensitive Atlassian data was previously leaked on Telegram after a hacker used employee credentials in an identity theft operation to gain access to a third-party vendor’s system.
As the media reported late last week, hackers from the SiegedSec threat actor group found the credentials of an employee of Australia-based collaboration software provider Atlassian. They used those credentials to access Envoy, a third-party app Atlassian uses for coordinating internal resources.
It turns out that they found the credentials after they were mistakenly published in a public repository.
Leak on Telegram
After compiling the data found in Envoy, they leaked it on Telegram:
“We’re leaking thousands of employee data and a few building floor plans. This employee data includes email addresses, phone numbers, names and much more~!”
Not long after the breach, cybersecurity researchers at Check Point Software analyzed the stolen dataset and confirmed that it contained two floor plans for the Sydney and San Francisco offices. In addition, SiegedSec leaked a JSON file containing data on Atlassian employees. Customer data was not affected by this incident.
Check Point then stated what was later confirmed by all parties: Atlassian’s systems were not directly compromised, but the attackers accessed Envoy through stolen credentials.
“On February 15, 2023, we learned that data from Envoy, a third-party app Atlassian uses to coordinate internal resources, was compromised and published. Atlassian product and customer data is not accessible through the Envoy app and is therefore not at risk,” Atlassian told the publication.
“The safety of Atlassians is our priority, and we have been working quickly to improve physical security in our offices worldwide. We are actively investigating this incident and will continue to provide updates to employees as we learn more.”
Envoy also said its systems were not compromised.
“We are currently investigating this and are not aware of any compromise with our systems. Our initial investigation shows that a hacker gained access to an Atlassian employee’s valid credentials to access the Atlassian employee directory and office floor plans that are located in the Envoy app,” the company told BleepingComputer.
“Envoy, like Atlassian, takes the security and privacy of our customers’ data incredibly seriously and has taken strict measures to protect it.”
“We can confirm that Envoy’s systems have not been compromised or breached and no other customers’ data has been accessed,” the company later reiterated.
Via: Bleeping Computer