Cyber Incident Victim: Atlassian
Date: Apr 2017
Location: United States of America
Summary
A workplace chat platform operated by Atlassian experienced unauthorized access due to a vulnerability in a third-party library, compromising a server within its cloud infrastructure. The breach potentially exposed user account information—including names, email addresses, and bcrypt-hashed passwords with random salts—for all instances, while room metadata such as names and topics may also have been accessed. Evidence indicated messages and room content were viewed in fewer than 0.05% of instances. In response, passwords for potentially affected accounts were invalidated with reset instructions distributed, and a server update was prepared. The incident was isolated to the chat platform, with no evidence of impact to other corporate systems.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around April 25, 2017, Atlassian disclosed a security breach affecting its HipChat workplace chat platform. The incident stemmed from a vulnerability in a third-party library utilized by HipChat.com, which attackers exploited over the preceding weekend. The compromise targeted a server within the HipChat Cloud web tier infrastructure. For all HipChat Cloud instances, the intrusion potentially exposed user account information including names, email addresses, and hashed passwords. Room metadata—comprising room names and topics—was also potentially accessed. In a limited subset of instances representing less than 0.05% of the total, forensic evidence indicated attackers may have obtained messages and other room content. Atlassian confirmed the breach did not extend to other corporate systems such as Jira, Confluence, or Trello, maintaining isolation of the affected HipChat infrastructure.

HipChat Chief Security Officer Ganesh Krishnan detailed the company's response, noting passwords were hashed using bcrypt with random salts prior to the breach. As a containment measure, Atlassian invalidated passwords across all potentially compromised user accounts and issued reset instructions to affected individuals. The organization concurrently developed a security update for HipChat Server deployments to address the vulnerability exploited in the attack. Krishnan asserted confidence in the effectiveness of containment measures, stating unauthorized access pathways had been closed and impacted systems isolated. No evidence suggested continued adversary presence post-containment. The incident exclusively impacted HipChat Cloud environments, with no data indicating collateral compromise of Atlassian's broader product ecosystem or corporate networks.
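The description names two controls that limited the damage: passwords stored under a slow hash with a random per-user salt, and a fleet-wide invalidation of potentially exposed credentials followed by a reset flow. The following is an added example, not Atlassian's or HipChat's code, showing both controls end to end. It uses PBKDF2-HMAC from Python's standard library as a stand-in for bcrypt (bcrypt is not in the standard library, and the same properties, a random salt per record and a tunable work factor, carry over); the iteration count, the `CredentialStore` class and its methods, and the sample email address and passwords are all constructed for the illustration.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

# Work factor for the stand-in KDF. This is an illustrative tuning value;
# bcrypt expresses the same idea as a logarithmic "cost" parameter.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16


@dataclass
class Credential:
    """Stored form of a password: random salt, derived digest, reset flag."""
    salt: bytes
    digest: bytes
    reset_required: bool = False


def hash_password(password: str, salt: Optional[bytes] = None) -> Credential:
    """Derive a digest from the password under a fresh random salt."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # unique per record, so equal passwords differ on disk
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return Credential(salt=salt, digest=digest)


def verify_password(cred: Credential, candidate: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    if cred.reset_required:
        return False  # invalidated credentials never authenticate
    recomputed = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), cred.salt, PBKDF2_ITERATIONS
    )
    return hmac.compare_digest(recomputed, cred.digest)


def salts_differ_for_same_password(password: str) -> bool:
    """Two registrations of one password must not share a salt or a digest."""
    first, second = hash_password(password), hash_password(password)
    return first.salt != second.salt and first.digest != second.digest


class CredentialStore:
    """Hypothetical in-memory user store with a breach-response invalidation step."""

    def __init__(self) -> None:
        self._users: Dict[str, Credential] = {}
        self._reset_tokens: Dict[str, str] = {}

    def register(self, email: str, password: str) -> None:
        self._users[email] = hash_password(password)

    def login(self, email: str, password: str) -> bool:
        cred = self._users.get(email)
        return cred is not None and verify_password(cred, password)

    def invalidate_all(self) -> Dict[str, str]:
        """Containment: revoke every stored password and issue one-time reset tokens."""
        issued: Dict[str, str] = {}
        for email, cred in self._users.items():
            cred.reset_required = True
            cred.digest = b""  # the old digest is never consulted again
            token = secrets.token_urlsafe(32)
            self._reset_tokens[email] = token
            issued[email] = token  # in practice delivered out of band, e.g. by email
        return issued

    def reset_password(self, email: str, token: str, new_password: str) -> bool:
        """Accept a new password only against a valid, unused reset token."""
        expected = self._reset_tokens.get(email)
        if expected is None or not hmac.compare_digest(expected, token):
            return False
        self._users[email] = hash_password(new_password)  # fresh salt, flag cleared
        del self._reset_tokens[email]  # token is single-use
        return True


if __name__ == "__main__":
    store = CredentialStore()
    store.register("alice@example.com", "correct horse battery")  # constructed sample
    print("login before breach:", store.login("alice@example.com", "correct horse battery"))
    tokens = store.invalidate_all()
    print("login after invalidation:", store.login("alice@example.com", "correct horse battery"))
    print("reset accepted:", store.reset_password("alice@example.com", tokens["alice@example.com"], "new passphrase"))
    print("login with new password:", store.login("alice@example.com", "new passphrase"))
```

The detail worth noticing is that `invalidate_all` does not merely clear a flag; it also discards the stored digest, so even a copy of the database taken after the breach window cannot be replayed against the live service, and the only way back in is the out-of-band token path.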
