Sensitive data belonging to Atlassian was leaked earlier on Telegram after a hacker used employee credentials in an act of identity theft to access a system belonging to a third-party vendor.
As the media reported late last week, hackers from the SiegedSec threat actor group found the credentials belonging to an employee of the Australian-based collaboration software provider, Atlassian. They used those credentials to access Envoy, a third-party app that Atlassian uses for the coordination of in-office resources.
As it turns out, they found the credentials after they were erroneously published on a public repository.
Leaks on Telegram
After gathering the data found in Envoy, they leaked it on Telegram:
"We are leaking thousands of employee records as well as a few building floorplans. These employee records contain email addresses, phone numbers, names, and lots more~!"
Not long after the breach, cybersecurity researchers from Check Point Software analyzed the stolen dataset and confirmed it held two floor maps for the Sydney and San Francisco offices. What’s more, SiegedSec leaked a JSON file with data on Atlassian employees. Customer data (opens in new tab) was not affected by this incident.
Check Point then stated what was later confirmed by all parties: Atlassian’s systems weren’t directly breached, but the attackers rather accessed Envoy via stolen credentials.
> Atlassian is being actively exploited to compromise corporate networks (opens in new tab)
> Atlassian is suffering a whole bunch of awful security issues (opens in new tab)
> These are the best firewalls right now (opens in new tab)
"On February 15, 2023 we learned that data from Envoy, a third-party app that Atlassian uses to coordinate in-office resources, was compromised and published. Atlassian product and customer data is not accessible via the Envoy app and therefore not at risk," Atlassian told the publication.
"The safety of Atlassians is our priority, and we worked quickly to enhance physical security across our offices globally. We are actively investigating this incident and will continue to provide updates to employees as we learn more."
Envoy also said its systems weren’t compromised.
"We’re investigating this right now and are not aware of any compromise to our systems. Our initial research shows that a hacker gained access to an Atlassian employee's valid credentials to pivot and access the Atlassian employee directory and office floor plans held within Envoy’s app," the company told BleepingComputer.
"Envoy, like Atlassian, takes the security and privacy of our customers’ data incredibly seriously and has stringent measures in place to protect it."
“We can confirm Envoy’s systems were not compromised or breached and no other customer’s data was accessed,” the company later reiterated.
- Check out the best endpoint protection (opens in new tab) services right now
Via: BleepingComputer (opens in new tab)