Atlassian and Envoy briefly blame each other for data breach TechCrunch
Australian software giant Atlassian and Envoy, a startup that provides office management services, were in dispute on Thursday over a data breach that exposed the data of thousands of Atlassian employees.
As first reported by cyber discovery, a hacking group known as SiegedSec leaked data to Telegram this week that it claims to have stolen from Atlassian. This data includes the names, email addresses, business departments and cellphone numbers of roughly 13,200 Atlassian employees, as well as floor plans of Atlassian offices in San Francisco and Sydney, Australia.
“SiegedSec is here to announce that we have hacked software company Atlassian,” SiegedSec said in a Telegram message seen by TechCrunch. “This company worth $44 billion was stolen by furry hackers uwu.” SiegedSec made headlines last year when it leaked eight gigabytes of data from the Kentucky and Arkansas state governments in protest of the states’ efforts to implement abortion bans following the Supreme Court’s decision to overturn Roe v. Wade.
Atlassian blamed the breach on Envoy, which the Sydney-based firm used to organize office spaces. “On February 15, 2023, we realized that data from Envoy, a third-party software Atlassian uses to coordinate in-office resources, had been compromised and released,” Atlassian spokesperson Megan Sutton said in a statement shared with TechCrunch. “Atlassian product and customer data is not accessible by the Envoy app and is therefore not at risk.”
However, Envoy was quick to dismiss Atlassian’s claims. Envoy spokesperson April Marks told TechCrunch that the company was “not aware of any compromises in our systems,” adding that its preliminary investigation showed “a hacker had accessed the Atlassian employee directory and office floor plans saved in Envoy’s app by having access to an Atlassian employee’s valid credentials.”
Shortly after Envoy’s denial, Atlassian changed its stance to align more closely with Envoy’s. Atlassian’s Sutton told TechCrunch that the company’s internal investigation has since revealed that attackers compromised Atlassian data from the Envoy app “using credentials of an Atlassian employee that were unintentionally sent to a public repository by the employee.”
“Therefore, the hacking group was able to access data visible to the employee account, which includes published office floor plans and public Envoy profiles of other Atlassian employees and contractors,” added Sutton. “The compromised employee’s account was immediately disabled to eliminate any other threat to Atlassian’s Envoy data. Atlassian product and customer data is not accessible by the Envoy app and is therefore not at risk.”
Envoy initially declined to answer our specific questions, but on Friday, the company’s spokesperson provided an update stating that there was no breach on their part.
“We found evidence in the logs of the requests confirming that hackers obtained valid user credentials from an Atlassian employee account and used that access to download affected data from Envoy’s app,” Envoy’s Marks said.
While Envoy doesn’t appear to be responsible for the Atlassian data breach, the office management startup, which counts several major clients including Hulu, Pinterest, Slack, and Stripe, is no stranger to security incidents. In 2019, security researchers at IBM uncovered two flaws in Envoy’s customer management system that may have exposed customer data.
Updated with Envoy comment.