Ed. observe: This story has been up to date to incorporate an announcement from Envoy supplied to Dark Reading in regards to the incident.
A risk group known as SiegedSec lately posted a cache of worker and operations info allegedly stolen from software program workforce collaboration instrument supplier Atlassian.
Now Atlassian, greatest recognized for its Trello, Jira, and Confluence manufacturers, is reassuring its clients their information is safe, and based on experiences, defined {that a} third-party app was breached, compromising worker information together with names, emails, departments, and flooring plans of segments of Atlassian places of work situated in San Francisco, Calif., and Sydney, Australia.
“On February 15, 2023 we realized that information from Envoy, a third-party app that Atlassian makes use of to coordinate in-office assets, was compromised and revealed,” an Atlassian spokesperson advised CyberScoop. “Atlassian product and buyer information isn’t accessible by way of the Envoy app and subsequently not in danger.”
The firm assertion added there’s an ongoing investigation into the breach.
Envoy says the breach possible occurred because of the risk actor having access to worker credentials.
“We’re investigating this proper now and will not be conscious of any compromise to our methods,” an Envoy spokesperson mentioned in an announcement emailed supplied to Dark Reading. “Our initial research shows that a hacker gained access to an Atlassian employee’s valid credentials to pivot and access the Atlassian employee directory and office floor plans held within Envoy’s app.”