After apparent hack, data from Australian tech giant Atlassian was dumped online
A little-known hacking team called SiegedSec released data on what appears to be thousands of Atlassian employees and floor plans for two of the Australian software provider’s offices.
The employee file posted online Wednesday contains more than 13,200 entries, and a cursory review of the file appears to show more current employee data, including names, email addresses, work departments and other information. The floor plans are for one floor of the company’s office in San Francisco and another for the office in Sydney, Australia.
“IT’S RIGHT PEOPLE, SiegedSec is here to announce that we have hacked the software company Atlassian,” a message with the files reads. “This 44 billion dollar company has been pwned by the furry hackers uwu.”
An Atlassian representative first told CyberScoop in an email Thursday that the company learned on Feb. 15 that data from Envoy, a third-party app Atlassian uses to coordinate resources in the office, was published online, but that “Atlassian product and customer data” was “not at risk.” The company later told TechCrunch that its internal review revealed that the data was accessed from the Envoy app “using an Atlassian employee’s credentials that had been mistakenly posted to a public repository by the employee.”
An Envoy spokesperson told CyberScoop that the company’s systems were not compromised or breached. The person said the two companies have been working together to identify the source of the data compromise. “We found evidence in the request logs confirming that hackers obtained valid user credentials from an Atlassian employee account and used that access to download the affected data from Envoy’s app. We can confirm that Envoy’s systems were not compromised or breached, and no other customers’ data was accessed.”
An Australian company valued at around $46 billion, Atlassian makes project management and collaboration software such as Trello, Jira and Confluence. The company, which has offices around the world, earned $2.8 billion in revenue in fiscal 2022 and had more than 242,000 customers as of August 2022, the company reported at the time. The statement also said the company had 8,813 employees.
On June 2, 2022, the company disclosed a critical vulnerability in its Confluence Server and Data Center software that allowed attackers to execute arbitrary code on victims’ machines. The next day, the company issued a fix for the problem that had been used by “multiple threat groups and individual actors,” Steven Adair, president of incident response firm Volexity, tweeted at the time.
SiegedSec, which launched a Telegram channel in April 2022, made headlines in June 2022 after claiming to have hacked “internal documents and files obtained from Kentucky and Arkansas government servers,” The Record reported at the time. The hack came in response to abortion bans amid a wave of hacktivist activity in the wake of the Dobbs v. Jackson Supreme Court decision that reversed Roe v. Wade.
Updated February 17, 2023: This story has been updated to include a statement from Envoy and an updated statement from Atlassian.