\n<\/p>\n
Australian software giant\u00a0Atlassian and Envoy, a startup that provides workplace management services, were at loggerheads on Thursday over a data breach that exposed the data of thousands of Atlassian employees.<\/p>\n
As first reported by\u00a0Cyberscoop<\/a>, a hacking group known as SiegedSec leaked data on Telegram this week that it claimed to have stolen from Atlassian. This data includes the names, email addresses, work departments, and phone numbers of approximately 13,200 Atlassian employees, along with floor plans of Atlassian offices located in San Francisco and Sydney, Australia.<\/p>\n \u201cSiegedSec is here to announce that we have hacked the software company Atlassian,\u201d SiegedSec said in a Telegram message seen by TechCrunch. \u201cThis company worth $44 billion has been pwned by the furry hackers uwu.\u201d\u00a0SiegedSec made headlines last year after it\u00a0leaked<\/a> eight gigabytes of data from the state governments of Kentucky and Arkansas, in protest at the states\u2019 efforts to enact abortion bans following the Supreme Court\u2019s decision to overturn Roe v. Wade<\/a>.<\/p>\n Atlassian was quick to point the finger of blame for the breach at Envoy, which the Sydney-headquartered company uses to organize its office spaces. \u201cOn February 15, 2023, we learned that data from Envoy, a third-party app that Atlassian uses to coordinate in-office resources, was compromised and published,\u201d Atlassian spokesperson Megan Sutton said in a statement shared with TechCrunch. \u201cAtlassian product and customer data is not accessible via the Envoy app and therefore not at risk.\u201d<\/p>\n Envoy, however, was just as quick to rebuff Atlassian\u2019s claims. Envoy spokesperson April Marks told TechCrunch that the startup is \u201cnot aware of any compromise to our systems,\u201d adding that initial research had shown that \u201ca\u00a0hacker gained access to an Atlassian employee\u2019s valid credentials to pivot and access the Atlassian employee directory and office floor plans held within Envoy\u2019s app.\u201d\u00a0Envoy declined to provide evidence of its claims or to answer specific questions.<\/p>\n Soon after the startup\u2019s denial, Atlassian changed its stance to align more closely with Envoy. Atlassian\u2019s Sutton told TechCrunch that the company\u2019s internal investigation since revealed that attackers had actually compromised Atlassian data from the Envoy app \u201cusing an Atlassian employee\u2019s credentials that had been mistakenly posted in a public repository by the employee.\u201d<\/p>\n \u201cAs such, the hacking group had access to data visible via the employee account which included the published office floor plans and public Envoy profiles of other Atlassian employees and contractors,\u201d Sutton added. \u201cThe compromised employee\u2019s account was promptly disabled eliminating any further threat to Atlassian\u2019s Envoy data. Atlassian product and customer data is not accessible via the Envoy app and therefore not at risk.\u201d<\/p>\n While it appears that Envoy was not at fault for the Atlassian data breach, the workplace management startup \u2014 which counts a number of big-name customers, including Hulu, Pinterest, Slack, and Stripe \u2014 is no stranger to security incidents. In 2019, security researchers at IBM uncovered two flaws in Envoy\u2019s visitor management system<\/a> that could have exposed customer data.<\/p>\n<\/p><\/div>\n