Atlassian breach sparks brief blame game with app provider

Atlassian and a third-party app provider, Envoy, presented conflicting claims over the source of the breach

Atlassian has confirmed a data breach involving employee data, briefly prompting a back-and-forth blame game between it and a third-party app provider.  

A hacker group known as ‘SiegedSec’ claimed responsibility for an attack on Atlassian on Wednesday in a post via Telegram. The group claimed to have accessed employee information and details on office floor plans at sites in San Francisco and Sydney.  

Employee data, including names, email addresses, phone numbers, and additional miscellaneous information, was exposed in the breach, according to SiegedSec.

“SiegedSec is here to announce we have hacked the software company Atlassian,” the group said in a Telegram statement.  

“We are leaking thousands of employee records, as well as a few building floorplans. These employee records contain email addresses, phone numbers, names, and lots more.” 

Conflicting reports 

In a statement yesterday, Atlassian confirmed a data breach had occurred but initially suggested that data from Envoy, which provides office visitor management tools, was compromised and published.

“On February 15 2023, we learned that data from Envoy, a third-party app that Atlassian uses to coordinate in-office resources, was compromised and published,” the company said at the time. 

“Atlassian product and customer data is not accessible via the Envoy app and therefore not at risk. The safety of Atlassians is our priority, and we worked quickly to enhance physical security across our offices globally.” 

However, in a statement given to IT Pro, Envoy said that a preliminary investigation revealed that the hack appeared to be the result of attackers stealing user credentials from an Atlassian employee, which then enabled them to extract data from the app.

“We found evidence in the logs of requests that confirms the hackers obtained valid user credentials from an Atlassian employee account and used that access to download the affected data from Envoy’s app,” the company said.

“We can confirm Envoy’s systems were not compromised or breached and no other customer’s data was accessed.”

The company added that security teams at both Envoy and Atlassian were “collaborating to identify the source of the data compromise”.  

This appears to have prompted a U-turn at Atlassian, which has since issued a statement clarifying the situation. The company now says it does not believe the incident was caused by a breach of Envoy’s systems.  

“Our security team is carefully exploring all possible avenues to understand how the threat actor gained access and working closely with Envoy to do so,” Atlassian said.

“While we do not wish to speculate, for the sake of clarification, we are aligned with Envoy in the belief that our app data was not compromised due to a breach of their systems.” 

Who are SiegedSec? 

SiegedSec appears to be a relatively small cybercrime group which emerged on the scene in early 2022.  

Insights from DarkOwl, a darknet data provider, suggest that the group emerged just days before the Russian invasion of Ukraine in February 2022. The group is allegedly led by a “renowned hacktivist” who uses the moniker YourAnonWolf.

The group has since gone on to successfully target a number of organisations. In June 2022, the group claimed to have stolen sensitive internal documents from government servers in the US states of Kentucky and Arkansas.

The attack was thought to have been in reprisal for the US Supreme Court’s decision to reverse Roe v. Wade.  
