Atlassian and Envoy Briefly Blame Each Other for Data Breach • InNewCL
#Atlassian #Envoy #Briefly #Blame #Data #Breach #InNewCL Welcome to InNewCL, here is the new story we have for you today:
Click Me To View Restricted Videos
Australian software giant Atlassian and Envoy, a startup that offers workplace management services, fell out on Thursday over a data breach that exposed the data of thousands of Atlassian employees.
As Cyberscoop first reported, a hacking group dubbed SiegedSec this week leaked data on Telegram allegedly stolen from Atlassian. This data includes the names, email addresses, work departments, and phone numbers of approximately 13,200 Atlassian employees, as well as floor plans of Atlassian offices in San Francisco and Sydney, Australia.
“SiegedSec is here to announce that we have hacked the software company Atlassian,” SiegedSec said in a Telegram message seen by InNewCL. “This $44 billion company was seized by the furry hackers uwu.” SiegedSec made headlines last year afterward leaked eight gigabytes of data from the Kentucky and Arkansas state governments in protest at states’ efforts to enact abortion bans after the Supreme Court ruled Roe v. pick up calf.
Atlassian was quick to blame Envoy, with which the Sydney-based company organizes its office space, for the breach. “On February 15, 2023, we learned that data from Envoy, a third-party app Atlassian uses to coordinate resources around the office, had been compromised and released,” Atlassian spokeswoman Megan Sutton said in a statement shared with InNewCL. “Atlassian product and customer data is not accessible through the Envoy app and is therefore not at risk.”
However, Envoy was just as quick to dismiss Atlassian’s claims. Envoy spokesperson April Marks told InNewCL that the startup “is not aware of any compromises in our systems,” adding that initial investigations showed that “a hacker gained access to an Atlassian employee’s valid credentials in order to to rotate and access the Atlassian employee directory and office floor plans stored in Envoy’s app.” Envoy declined to provide evidence to support his claims or to answer specific questions.
Shortly after the startup’s rejection, Atlassian changed its stance to align more closely with Envoy. Atlassian’s Sutton told InNewCL that the company’s internal investigation has since determined that attackers did in fact compromise Atlassian data from the Envoy app “using an Atlassian employee’s credentials, which the employee incorrectly posted to a public repository.” had been”.
“As such, the hacking group had access to data visible through the employee account, including the published office floor plans and public Envoy profiles of other Atlassian employees and contractors,” Sutton added. “The compromised employee’s account was immediately deactivated, eliminating any further threat to Atlassian’s Envoy data. Atlassian product and customer data is not accessible through the Envoy app and is therefore not at risk.”
While it appears that Envoy wasn’t responsible for the Atlassian data breach, the workplace management startup — which boasts a number of notable clients including Hulu, Pinterest, Slack, and Stripe — is no stranger to security incidents. In 2019, IBM security researchers uncovered two vulnerabilities in Envoy’s visitor management system that could have exposed customer data.
