Atlassian Confirms SiegedSec Hackers Stole Employee Data and Office Floor Plans

By Richard Anderson

The enterprise software provider, Atlassian, has confirmed that a hacking group has downloaded sensitive employee data and office floor plans, but says its systems were not breached.

A threat group called SiegedSec recently announced on their Telegram channel that they had hacked into the software of Atlassian and exfiltrated sensitive data. In the announcement, they said they had stolen sensitive data from the $44 billion software company and said they would be leaking the records of thousands of Atlassian employees, and while they boasted about hacking the company, they did not disclose the motivation behind the attack. Last year, SiegedSec hacked government entities in Arkansas and Kentucky and leaked around 8GB of stolen data. The group claimed the attacks were in response to the states attempting to introduce bans on abortions, following the decision of the Supreme Court to overturn Roe v. Wade.

The Atlassian data leaked by the hacktivist group included image files of the company’s floor plans for its Sydney and San Francisco offices along with a file containing the sensitive information of around 13,000 employees and contractors, which included names, email addresses, contact telephone numbers, and other sensitive information.

The stolen data referenced the workplace platform Envoy, which Atlassian uses to coordinate its office resources. Envoy and Atlassian launched investigations to determine the source of the compromise and the scope of the security breach. Initially, Atlassian blamed Envoy for the breach, but Envoy determined its app and systems had not been breached and blamed Atlassian, as the hackers used valid Atlassian user credentials to gain access to the data and download it from the Envoy app. Atlassian later confirmed that the credentials were obtained from a public repository where they had mistakenly been posted. When Atlassian learned that the credentials had been compromised, they were quickly disabled, preventing any further unauthorized access.

“The hacking group had access to data visible via the employee account which included the published office floor plans and public Envoy profiles of other Atlassian employees and contractors,” explained Atlassian spokesperson Megan Sutton. “Atlassian product and customer data is not accessible via the Envoy app and therefore not at risk.”

Twitter Facebook LinkedIn Reddit Link copied to clipboard

Posted by

Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news