Atlassian Blames Third-Party Provider for Data Leak

Atlassian data leak
Written by Emma Davis

Recently, the SiegedSec hacker group claimed on Telegram that it had stolen data from the Australian company Atlassian, the developer of Jira, and the company blamed a third-party provider for data leak.

Let me remind you that we also wrote that Developers Fixed a Critical Bug in Atlassian Bitbucket Server and Data Center, and also that Hackers Attack PyPI Package Developers.

And also information security specialists said that Unpatched 0-day Vulnerability in Atlassian Confluence is under Attack.

Atlassian representatives have already confirmed that the data published by the hackers is genuine. However, the company emphasized that the leak occurred from a third-party supplier, and Atlassian’s own network and customer information are securely protected.

We leak data from thousands of employees, as well as floor plans for several [Atlassian] buildings. These employee records contain email addresses, phone numbers, names, and more.SiegedSec members wrote.

Atlassian data leak

Shortly after the release of this statement, researchers from Check Point told Bleeping Computer that they had studied the leak, and it does contain floor plans of Atlassian’s offices in Sydney and San Francisco, as well as a JSON file with information about employees.

Based on initial analysis, we believe that the group did not hack Atlassian directly, but through a third-party vendor, analysts said.

Soon, Atlassian representatives themselves confirmed to the journalists of the publication that this leak was related to the hacking of a third-party supplier, Envoy, whose services the company uses for office needs.

On February 15, 2023, we became aware that data from Envoy, a third-party application that Atlassian uses to coordinate office resources, has been compromised and made public. Atlassian product and customer data is not accessible through the Envoy app and is therefore unaffected.Atlassian explained.

Interestingly, in response to this, Envoy stated that they knew nothing about any hacks. According to them, the leak was due to the fact that the credentials of one of the Atlassian employees were stolen, and this allowed attackers to access data in the Envoy app:

We are currently investigating this incident, but we are not aware of any compromise of our systems. Our preliminary analysis indicates that the hacker gained access to an Atlassian employee’s valid credentials and then accessed Atlassian employee lists and office floor plans stored in the Envoy app.the representatives of the company said.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply