sb-as logo
Story image

Atlassian's workplace chat tool 'HipChat' affected by data breach

02 May 2017

Workplace group chat tool HipChat has been hit by a data breach and users are being advised to check if they are vulnerable. The app’s producer Atlassian says it has contacted all affected users, however all users should still change passwords.

In a blog post, HipChat mentions that all passwords are now invalidated on all HipChat-connected user accounts affected by the breach. HipChat users who do not receive an email with password reset instructions have not been affected by the breach. 

According to Stay Smart Online, the breach involved potential unauthorised access to sensitive data, although there is no evidence of access to financial or credit card information. There is also no evidence that any other Atlassian system or product was affected by the breach.

According to the blog post, the breach focused on four areas:

“For all instances (each of which is represented by a unique url—e.g., the attacker may have accessed user account information (including name, email address and hashed password). HipChat hashes passwords using bcrypt with a random salt. Room metadata (including room name and room topic) may have also been accessed.

For a small number of instances (less than 0.05%), messages and content in rooms may have been accessed. We are contacting and will work closely with these customers.

For the vast majority of instances (more than 99.95%), we have found no evidence that messages or content in rooms have been accessed."

The company has isolated all affected systems and blocked any unauthorised access. The company is also working with law enforcement in ongoing investigation.

Stay Smart Online recommends that when a data breach happens, users should change passwords, monitor accounts for suspicious activity and seek advice from the vendor.

Passwords should be different for each online service, more than 10 characters and include upper and lower case letters, numbers and symbols.

Link image
Webinar: Securing privileged access to stop attackers in their tracks
Thycotic's immersive webinar will demonstrate how attackers acquire passwords on endpoints and access critical cloud applications — without being detected.More
Story image
Aruba updates edge security platform with SD-WAN capabilities
Aruba’s latest iteration of its Edge Services Platform (ESP) has been quick to make use of HPE’s acquisition of Silver Peak in September last year.More
Story image
Gigamon & FireEye tackle security in hybrid cloud environments
The partnership is an extension to a ‘long-standing’ relationship that aims to ‘simplify, secure, and optimise hybrid cloud environments’.More
Story image
Attivo Networks expands Active Directory suite for greater protection
"We see Active Directory exploitation used in the majority of ransomware, insider and advanced attacks. We are pleased to now offer our customers early and efficient solutions for preventing the misuse of Active Directory.”More
Story image
Why a more secure organisation is a collective responsibility
With vast volumes of data moving to the cloud, many IT professionals are frequently challenged to protect their enterprise environment, and there is a greater focus being placed on advancing cybersecurity strategies.More
Story image
5G network security a US$9 billion dollar opportunity - report
The cloud-native nature of 5G networks will have a disruptive and positive impact on the cybersecurity industry in the next few years, with 5G network security presenting a US$9 billion enterprise market opportunity by 2025.More