Atlassian and Envoy briefly blame one another for data breach • TechCrunch


Australian software giant Atlassian and Envoy, a startup that provides office management services, were at loggerheads on Thursday over a data breach that exposed the data of thousands of Atlassian employees.
As first reported by Cyberscoop, a hacking group called SiegedSec leaked data on Telegram this week that it claimed to have stolen from Atlassian. This data includes the names, email addresses, work departments, and phone numbers of roughly 13,200 Atlassian employees, along with floor plans of Atlassian offices located in San Francisco and Sydney, Australia.
“SiegedSec is right here to announce that we have now hacked the software program firm Atlassian,” SiegedSec said in a Telegram message seen by TechCrunch. “This firm value $44 billion has been pwned by the furry hackers uwu.” SiegedSec made headlines last year after it leaked eight gigabytes of data from the state governments of Kentucky and Arkansas, in protest at the states’ efforts to enact abortion bans following the Supreme Court’s decision to overturn Roe v. Wade.
Atlassian was quick to point the finger of blame for the breach at Envoy, which the Sydney-headquartered company uses to organize its office spaces. “On February 15, 2023, we realized that knowledge from Envoy, a third-party app that Atlassian makes use of to coordinate in-office assets, was compromised and printed,” Atlassian spokesperson Megan Sutton said in a statement shared with TechCrunch. “Atlassian product and buyer knowledge is just not accessible through the Envoy app and subsequently not in danger.”
Envoy, however, was just as quick to rebuff Atlassian’s claims. Envoy spokesperson April Marks told TechCrunch that the startup is “not conscious of any compromise to our programs,” adding that preliminary analysis had shown that “a hacker gained entry to an Atlassian worker’s legitimate credentials to pivot and entry the Atlassian worker listing and workplace flooring plans held inside Envoy’s app.” Envoy declined to provide evidence of its claims or to answer specific questions.
Soon after the startup’s denial, Atlassian changed its stance to align more closely with Envoy. Atlassian’s Sutton told TechCrunch that the company’s internal investigation has since revealed that attackers had actually compromised Atlassian data from the Envoy app “utilizing an Atlassian worker’s credentials that had been mistakenly posted in a public repository by the worker.”
“As such, the hacking group had entry to knowledge seen through the worker account which included the printed workplace flooring plans and public Envoy profiles of different Atlassian staff and contractors,” Sutton added. “The compromised worker’s account was promptly disabled eliminating any additional risk to Atlassian’s Envoy knowledge. Atlassian product and buyer knowledge is just not accessible through the Envoy app and subsequently not in danger.”
While it appears that Envoy was not at fault for the Atlassian data breach, the office management startup (which counts a number of big-name customers, including Hulu, Pinterest, Slack, and Stripe) is no stranger to security incidents. In 2019, security researchers at IBM uncovered two flaws in Envoy’s customer management system that could have exposed customer data.
