Do you use HipChat at work? Sorry to report, but the communication platform has been breached.
HipChat maker Atlassian on Monday said its Security Intelligence Team discovered the intrusion over the weekend. Hackers leveraged a vulnerability in a "popular third-party library used by HipChat.com" to access content from the service, Atlassian Chief Security Officer Ganesh Krishnan wrote in blog post.
The hackers may have accessed and made away with user account information including names, email addresses, and hashed passwords, along with metadata like the room name and topic.
In a smaller number of cases, the hackers may have also stolen the messages and other content in rooms — a potential worst-case scenario for businesses. Krishnan said HipChat is contacting and plans to "work closely" with customers who had their internal communications breached.
"For the vast majority of instances (more than 99.95 percent), we have found no evidence that messages or content in rooms have been accessed," Krishnan wrote. "Additionally, we have found no evidence of unauthorized access to financial and/or credit card information."
Related
- The Best Online Collaboration Software of 2017The Best Online Collaboration Software of 2017
HipChat issued a password reset for affected users. If you use HipChat.com, watch out for an email from the company's security team with instructions on resetting your password. HipChat is only sending these messages to impacted customers; if you don't get an email it's because the company found "no evidence" that you're affected by the breach, Krishnan wrote.
Atlassian is also currently working with law enforcement to investigate the incident. The company is readying an update for the HipChat server that will roll out via the standard update channel.
"We are confident we have isolated the affected systems and closed any unauthorized access," Krishnan wrote. "We have found no evidence of other Atlassian systems or products being affected."
A common caterpillar viewed as a pest or fishing bait turns out to be the fastest degrader of plastic we've ever witnessed.
Also, Kremlin apparently employed over 1,000 people to create fake anti-Clinton stories.
DRONE ENTHUSIASM
Drones have been taking the nation by the rage. In the last few years, drones have been used to take photos for news publications. Recently, th...
Relax HipChat Hackers May Have Nabbed User Info, Chat Content stories
A lawsuit filed yesterday in the Southern District of New York claims that the Windows version of Confide doesn't offer screenshot protection.
By using non-Latin Unicode characters, it's theoretically possible to register a domain name for a phishing website that looks nearly identical to the one it's trying to spoof.
Secure communication should really be at the top of mind for any entrepreneur. And the best line of defense probably isn't what you think.
37 restaurants confirmed as having malware installed on point of sale equipment and card details stolen between December and March.
The Switch is selling well, now Nintendo wants to ensure the games do too by thwarting piracy before it happens.
Operational since 2012, the botnet was the brainchild of one of the world's most notorious cyber criminals, who was arrested in Spain last week.
A series of computer viruses targeting companies and organizations closely resembles the Vault 7 hacking tools that WikiLeaks disclosed.
Shadow Brokers tried unsuccessfully to ransom its trove of surveillance tools, so it released them for free.
It was meant to be joke malware, but the author managed to infect himself, and the game is impossibly hard.
The company is investigating a report that data for payment cards used at Gamestop.com has shown up for sale online.
A security researcher demonstrated an exploit that uses digital terrestrial TV signals to implant malicious code in the web browsers of smart TVs.
Pornhub on Thursday officially switched to HTTPS, so visitors can now access the site over an encrypted channel. YouPorn will also soon be making the switch.
Congress just moved to let ISPs sell your personal data. Here's how to protect yourself.
It's a 12-sided coin packed full of features to make it very difficult to counterfeit.
The messaging services are renowned for their end-to-end encryption, which, in this case, also made them vulnerable to attacks.
Cloudflare says it patched a bug that could compromise user accounts at popular websites.
Is public Wi-Fi safe? Hell, no. But there are steps you can take.
Let's be honest, that's a surprise to no one.
Your intensions when cracking a Wi-Fi password are no doubt noble—we trust you—so here's how to do it.
AT&T's launch is part of a promise to bring underserved areas online.
Amazon Alexa's more than 10,000 third-party skills are the way to make your Echo really come alive. Here are the top 3,000 in 20 categories chosen by user review rating.
Phoenix-area residents can apply now to be among the first in the world to ride in and give feedback about Waymo's self-driving vehicles.
Love cooking at home, but don't have time to plan and shop for your meals? A meal-kit delivery service takes care of those details and lets you focus on being a chef.
A first-of-its-kind deal between the NFL and wearable maker Whoop will allow players to sell their own biometric data.
After getting nailed with a $2.2 million FTC settlement for tracking users, Vizio debuts new XLED-backlit HDR displays to grab your attention.
CNN pundit, Obama administration Green Jobs advisor, and Dream Corps founder Van Jones stopped by PCMag's offices to talk about his efforts to make Silicon Valley more diverse.
Flying cars. Really.
We break down exactly what you'll get with each VoIP vendor at each price tier and how they perform head to head. So don't make your business VoIP buying decision without reading this article first.
A common caterpillar viewed as a pest or fishing bait turns out to be the fastest degrader of plastic we've ever witnessed.