HipChat Hacked | Company Resets Passwords
Representatives of HipChat (a popular group chat service for businesses, owned by Atlassian) issued an official warning stating that last weekend the company detected an intrusion into one of the HipChat Cloud servers. According to the company, a hacker or group of hackers took advantage of vulnerabilities in an unnamed third-party library used by HipChat.com.
Experts from HipChat warn that the attackers may even have compromised users' correspondence: messages and other content from some of the chat rooms may have leaked. Fortunately, this problem affected only 0.05% of instances, while the remaining 99.95% are in order.
The company says, though, that customers' financial information was not affected, and that there is no evidence that other Atlassian systems or products were compromised.
The company has resolved almost all the issues and has apologized for the disruption.
The attackers allegedly gained access to all instances (each represented by its own URL in the companyname.hipchat.com format), with their user account information, including names, emails and password hashes. HipChat reportedly hashes passwords using bcrypt with a random salt. The attackers could also have gained access to metadata about the chat rooms, including their names and topics.
We've detected a security incident and are sending password reset instructions to users as a precaution. See https://t.co/U5chS0chk5 (1/4) — Atlassian HipChat (@HipChat) April 24, 2017
[status] Monitoring: The Atlassian account signup and login issues have been resolved (see http://status.atlass... https://t.co/UwX38TdvTK— Atlassian HipChat (@HipChat) April 25, 2017