Story image

Atlassian's workplace chat tool 'HipChat' affected by data breach

02 May 2017

Workplace group chat tool HipChat has been hit by a data breach and users are being advised to check if they are vulnerable. The app’s producer Atlassian says it has contacted all affected users, however all users should still change passwords.

In a blog post, HipChat mentions that all passwords are now invalidated on all HipChat-connected user accounts affected by the breach. HipChat users who do not receive an email with password reset instructions have not been affected by the breach. 

According to Stay Smart Online, the breach involved potential unauthorised access to sensitive data, although there is no evidence of access to financial or credit card information. There is also no evidence that any other Atlassian system or product was affected by the breach.

According to the blog post, the breach focused on four areas:

“For all instances (each of which is represented by a unique url—e.g. company.hipchat.com), the attacker may have accessed user account information (including name, email address and hashed password). HipChat hashes passwords using bcrypt with a random salt. Room metadata (including room name and room topic) may have also been accessed.

For a small number of instances (less than 0.05%), messages and content in rooms may have been accessed. We are contacting and will work closely with these customers.

For the vast majority of instances (more than 99.95%), we have found no evidence that messages or content in rooms have been accessed."

The company has isolated all affected systems and blocked any unauthorised access. The company is also working with law enforcement in ongoing investigation.

Stay Smart Online recommends that when a data breach happens, users should change passwords, monitor accounts for suspicious activity and seek advice from the vendor.

Passwords should be different for each online service, more than 10 characters and include upper and lower case letters, numbers and symbols.

NZ investment funds throw weight against social media giants
A consortium of NZ funds managing assets worth more than $90m are appealing against Facebook, Twitter, and Google following the Christchurch terror attacks.
Poly appoints new A/NZ managing director, Andy Hurt
“We’re excited to be bringing together two established pioneers in audio and video technology to be moving forward and one business – Poly."
NVIDIA announces Jetson Nano: A US$99 tiny, yet mighty AI computer 
“Jetson Nano makes AI more accessible to everyone, and is supported by the same underlying architecture and software that powers the world's supercomputers.”
Unity and NVIDIA announce real-time ray tracing across industries
For situations that demand maximum photorealism and the highest visual fidelity, ray tracing provides reflections and accurate dynamic computations for global lighting.
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
NVIDIA introduces a new breed of high-performance workstations
“Data science is one of the fastest growing fields of computer science and impacts every industry."
Apple says its new iMacs are "pretty freaking powerful"
The company has chosen the tagline “Pretty. Freaking powerful” as the tagline – and it’s not too hard to see why.
NZ ISPs issue open letter to social media giants to discuss censorship
Content sharing platforms have a duty of care to proactively monitor for harmful content, act expeditiously to remove content which is flagged to them as illegal.