
Atlassian HipChat service popped

Encrypted, salted passwords a tough nut to crack

Attackers have popped the HipChat service run by software house Atlassian, accessing names, encrypted passwords and email addresses for two per cent of users.

The company has warned users – who have to date sent some four billion messages using HipChat – to reset passwords.

Sydney-based security director Craig Davies said his firm had no evidence that payment information was compromised.

"Atlassian's security team has discovered and blocked suspicious activity on the HipChat service that resulted in unauthorised access to names, usernames, email addresses, and encrypted passwords for a very small percentage of our users," Davies said in a notice.

The password reset request is sensibly cautious, since the passwords were one-way encrypted and salted, which makes them vastly harder to crack.

Only consumers who had used the same email address for HipChat and other Atlassian services had passwords reset. The rest were not considered to be affected.

"We take our responsibility to protect you and your data very seriously, and we're constantly enhancing the security of our service infrastructure to keep you and your data safe," Davies said.

This hiccup follows a release of several patches late last month to plug remote code execution vulnerabilities in Atlassian kit.

The patches were applied to versions of Confluence, Bamboo, FishEye, and Crucible products. ®
