A little known hacking crew called SiegedSec posted data on what appears to be thousands of Atlassian employees and floor plans for two of the Australian software vendor’s offices.
The employee file posted online Wednesday contains more than 13,200 entries and a cursory review of the file appears to show multiple current employees’ data, including names, email addresses, work departments and other information. The floor plans are for one floor of the company’s San Francisco office and another for its Sydney, Australia, office.
“THATS RIGHT FOLKS, SiegedSec is here to announce we have hacked the software company Atlassian,” a message posted with the files says. “This company worth $44billion has been pwned by the furry hackers uwu.”
An Atlassian representative initially told CyberScoop in an email on Thursday that on Feb. 15 the company learned that data from Envoy, a third-party app Atlassian uses to coordinate in-office resources, was published online, but that “Atlassian product and customer data” was “not at risk.” The company later told TechCrunch that its internal review revealed that the data was accessed from the Envoy app “using an Atlassian employee’s credentials that had been mistakenly posted in a public repository by the employee.”
A spokesperson for Envoy told CyberScoop the company’s systems were not compromised or breached. The person said that the two companies have been collaborating to identify the source of the data compromise. “We found evidence in the logs of requests that confirms that hackers obtained valid user credentials from an Atlassian employee account and used that access to download the affected data from Envoy’s app. We can confirm Envoy’s systems were not compromised or breached and no other customer’s data was accessed.”
An Australian company currently valued at roughly $46 billion, Atlassian makes software for project management and collaboration such as Trello, Jira and Confluence. The company, which has offices around the world, earned $2.8 billion in revenue in fiscal year 2022 and had more than 242,000 customers as of August 2022, the company reported at the time. The statement also said the company had 8,813 employees.
On June 2, 2022, the company disclosed a critical vulnerability in the Confluence Server and Data Center software that allowed attackers to execute arbitrary code on victims’ machines. The next day the company issued a fix for the problem that had been used by “multiple threat groups and individual actors,” Steven Adair, president of incident response firm Volexity, tweeted at the time.
SiegedSec, which launched a Telegram channel in April 2022, made headlines in in June 2022 after claiming to have hacked “internal documents and files retrieved from Kentucky’s and Arkansas’ government server,” The Record reported at the time. The hack came in response to abortion bans amid a wave of hacktivist activity in the wake of the Dobbs v. Jackson Supreme Court ruling that reversed Roe v. Wade.
Updated Feb. 17, 2023: This story has been updated to include a statement from Envoy and an updated statement from Atlassian.