2
Atlassian and Envoy Briefly Blame Each Other For Data Breach - Slashdot
source link: https://it.slashdot.org/story/23/02/17/2156251/atlassian-and-envoy-briefly-blame-each-other-for-data-breach
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Atlassian and Envoy Briefly Blame Each Other For Data Breachbinspamdupenotthebestofftopicslownewsdaystalestupid freshfunnyinsightfulinterestingmaybe offtopicflamebaittrollredundantoverrated insightfulinterestinginformativefunnyunderrated descriptive typodupeerror
Do you develop on GitHub? You can keep using GitHub but automatically sync your GitHub releases to SourceForge quickly and easily with this tool so your projects have a backup location, and get your project in front of SourceForge's nearly 30 million monthly users. It takes less than a minute. Get new users downloading your project releases today!Sign up for the Slashdot newsletter! or check out the new Slashdot job board to browse remote jobs or jobs in your area.
×
An anonymous reader quotes a report from TechCrunch: Australian software giant Atlassian and Envoy, a startup that provides workplace management services, were at loggerheads on Thursday over a data breach that exposed the data of thousands of Atlassian employees. As first reported by Cyberscoop, a hacking group known as SiegedSec leaked data on Telegram this week that it claimed to have stolen from Atlassian. This data includes the names, email addresses, work departments and phone numbers of approximately 13,200 Atlassian employees, along with floor plans of Atlassian offices located in San Francisco and Sydney, Australia.
Atlassian was quick to point the finger of blame for the breach at Envoy, which the Sydney-headquartered company uses to organize its office spaces. "On February 15, 2023, we learned that data from Envoy, a third-party app that Atlassian uses to coordinate in-office resources, was compromised and published," Atlassian spokesperson Megan Sutton said in a statement shared with TechCrunch. "Atlassian product and customer data is not accessible via the Envoy app and therefore not at risk." Envoy, however, was just as quick to rebuff Atlassian's claims. Envoy spokesperson April Marks told TechCrunch that the startup is "not aware of any compromise to our systems," adding that initial research had shown that "a hacker gained access to an Atlassian employee's valid credentials to pivot and access the Atlassian employee directory and office floor plans held within Envoy's app."
Soon after the startup's denial, Atlassian changed its stance to align more closely with Envoy. Atlassian's Sutton told TechCrunch that the company's internal investigation since revealed that attackers had actually compromised Atlassian data from the Envoy app "using an Atlassian employee's credentials that had been mistakenly posted in a public repository by the employee." "As such, the hacking group had access to data visible via the employee account which included the published office floor plans and public Envoy profiles of other Atlassian employees and contractors," Sutton added. "The compromised employee's account was promptly disabled eliminating any further threat to Atlassian's Envoy data. Atlassian product and customer data is not accessible via the Envoy app and therefore not at risk." In a statement to TechCrunch, Envoy's Marks ruled out a breach on its end: "We found evidence in the logs of requests that confirms the hackers obtained valid user credentials from an Atlassian employee account and used that access to download the affected data from Envoy's app."
Atlassian was quick to point the finger of blame for the breach at Envoy, which the Sydney-headquartered company uses to organize its office spaces. "On February 15, 2023, we learned that data from Envoy, a third-party app that Atlassian uses to coordinate in-office resources, was compromised and published," Atlassian spokesperson Megan Sutton said in a statement shared with TechCrunch. "Atlassian product and customer data is not accessible via the Envoy app and therefore not at risk." Envoy, however, was just as quick to rebuff Atlassian's claims. Envoy spokesperson April Marks told TechCrunch that the startup is "not aware of any compromise to our systems," adding that initial research had shown that "a hacker gained access to an Atlassian employee's valid credentials to pivot and access the Atlassian employee directory and office floor plans held within Envoy's app."
Soon after the startup's denial, Atlassian changed its stance to align more closely with Envoy. Atlassian's Sutton told TechCrunch that the company's internal investigation since revealed that attackers had actually compromised Atlassian data from the Envoy app "using an Atlassian employee's credentials that had been mistakenly posted in a public repository by the employee." "As such, the hacking group had access to data visible via the employee account which included the published office floor plans and public Envoy profiles of other Atlassian employees and contractors," Sutton added. "The compromised employee's account was promptly disabled eliminating any further threat to Atlassian's Envoy data. Atlassian product and customer data is not accessible via the Envoy app and therefore not at risk." In a statement to TechCrunch, Envoy's Marks ruled out a breach on its end: "We found evidence in the logs of requests that confirms the hackers obtained valid user credentials from an Atlassian employee account and used that access to download the affected data from Envoy's app."
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK