Atlassian, the Australian software giant, and Envoy, a startup offering workplace management services, were embroiled in a dispute on Thursday over a data breach that exposed the personal data of thousands of Atlassian employees.
First reported by Cyberscoop, the hack involved the leaking of data on Telegram by a group known as SiegedSec. The group claimed to have stolen data from Atlassian, including the names, email addresses, work departments, and phone numbers of around 13,200 employees.
The data also included floor plans of Atlassian offices in San Francisco and Sydney. SiegedSec made headlines last year after leaking data from the state governments of Kentucky and Arkansas to protest their efforts to enact abortion bans after the Supreme Court overturned Roe v. Wade.
Envoy said an Atlassian employee’s credentials were compromised
The group announced its responsibility for the Atlassian hack with a message on Telegram: “SiegedSec is here to announce that we have hacked the software company Atlassian…This company worth $44 billion has been pwned by the furry hackers uwu.”
Atlassian quickly pointed the finger of blame at Envoy, a third-party app it uses to manage its office spaces. But Envoy denied the claim, stating that its systems had not been compromised.
According to an Envoy spokesperson, a hacker gained access to an Atlassian employee’s valid credentials and then used those credentials to access the Atlassian employee directory and office floor plans held within Envoy’s app.
Everyone faces security challenges sometimes
Atlassian updated its statement, admitting that the hackers accessed data from the Envoy app through an employee’s public repository post. The breach included office floor plans and employee profiles, but Atlassian quickly disabled the compromised employee’s account, averting further risk.
Envoy denied any breach, claiming hackers obtained valid credentials from an Atlassian employee account to access the data. While no fault was found with Envoy, the 2019 discovery of security flaws in Envoy’s visitor management system raises security concerns.
The data breach highlights the importance of digital security management to avoid future breaches.