Atlassian Pawned by hacker group : Blame Game is on

PureID

Srishti Chaubey

February 16, 2023

Atlassian Hack

SiegedSec, the same hacking group that made headlines last year after leaking eight gigabytes of data from the state governments of Kentucky and Arkansas, has hacked the software company Atlassian. The group has shared two floor maps for the Sydney and San Francisco offices and a JSON file containing information about approximately 13,200 Atlassian employees, including their names, email addresses, work departments and phone numbers.

Atlassian Pawned by hacker group Siegedsec. The post by Siegedsec.

SiegedSec post

“THAT’S RIGHT FOLKS, SiegedSec is here to announce we have hacked the software company Atlassian,” the hacking group said in a message that was posted along with the data. “This company worth $44 billion has been pwned by the furry hackers uwu.”

Reason and responsibility:- 

"On February 15, 2023, we became aware that an unauthorised party had compromised and published data from Envoy, a third-party app that Atlassian uses to coordinate in-office resources," said Atlassian spokesperson Megan Sutton.

Atlassian Pawned by SiegedSec

Envoy, however, was just as quick to rebuff Atlassian’s claims. Envoy spokesperson April Marks said that the startup is “not aware of any compromise to our systems,” adding that initial research had shown that “A hacker gained access to an Atlassian employee’s valid credentials to manipulate and access the Atlassian employee directory and office floor plans held within Envoy’s app.”

Soon after the startup’s denial, Atlassian changed its stance to align more closely with Envoy. They later said an employee posted their credentials on a public repository by mistake.

Damage Control:- 

Atlassian said they disabled the account of the said employee so there is no more threat to Atlassian's Envoy data. Therefore Atlassian product and customer data is not accessible via the Envoy app and therefore not at risk.”

"The safety of Atlassians is our priority, and we worked quickly to enhance physical security across our offices globally. We are actively investigating this incident and will continue to provide updates to employees as we learn more."

Mitigation:- 

It has become increasingly common for hacker groups to target individual employees or devices to gain access to enterprise systems. If an attacker is able to obtain an employee's credentials, they can use that information to infiltrate the organization. To mitigate this risk, some experts recommend using a passwordless solution like PureAUTH. By eliminating passwords, organizations can significantly reduce the likelihood of future breaches and minimize their exposure to unforeseen vulnerabilities.

https://www.pureid.io/resolution-2023-making-world-password-free/
https://www.pureid.io/know-your-code-infrastructure-cix/
Share this article    

Connect with Us!

Subscribe to receive new blog post from PureID in your mail box