
Data breach @ Atlassian

On February 15th, 2023, Atlassian, an Australian software vendor, experienced a significant data breach. A group of hackers calling themselves SiegedSec posted data online, including what appears to be personal information for over 13,000 employees and floor plans for two of the company’s offices in San Francisco and Sydney. The data dump is said to have included names, email addresses, work departments, and other information. The group took responsibility for the attack in a message posted with the files, announcing that the “furry hackers uwu” had successfully hacked the company.

Atlassian is an Australian company that produces software for project management and collaboration, including well-known products such as Trello, Jira, and Confluence. The company has offices around the world and is currently valued at around $46 billion. In the 2022 fiscal year, Atlassian reported $2.8 billion in revenue, more than 242,000 customers, and 8,813 employees.

In response to the breach, Atlassian released a statement saying that it had learned that data from a third-party app called Envoy had been compromised and published. The company stated that the Envoy app was used to coordinate in-office resources and that Atlassian product and customer data were not accessible via the app and therefore not at risk. Atlassian worked quickly to enhance physical security across its offices globally and is actively investigating the incident. The company has stated that the safety of Atlassian employees is its top priority and that it will continue to provide updates to employees as it learns more.

This is not the first time Atlassian has faced a significant security incident. On June 2nd, 2022, the company disclosed a critical vulnerability in its Confluence Server and Data Center software that allowed attackers to execute arbitrary code on victims’ machines. The company quickly issued a fix for the problem, which had been used by “multiple threat groups and individual actors.” In June 2022, SiegedSec made headlines after claiming to have hacked “internal documents and files retrieved from Kentucky’s and Arkansas’ government server” in response to abortion bans amid a wave of hacktivist activity in the wake of the Dobbs v. Jackson Supreme Court ruling that reversed Roe v. Wade.

Data breaches like this one can have serious consequences for companies and their employees. In addition to exposing personal information, they can also result in financial losses, legal liabilities, and damage to the company’s reputation. It is important for companies to take steps to prevent data breaches by implementing robust security measures, training employees on security best practices, and staying up-to-date on the latest threats and vulnerabilities.