Skip to main content

Atlassian’s HipChat hacked; user info, messages, and content possibly accessed

Image Credit: Atlassian

HipChat users should reset their passwords after a vulnerability was discovered this weekend in a “popular third-party library” used on the service’s website. Parent company Atlassian claimed there’s no evidence to indicate that other systems or products have been affected. It has since reset the passwords for all HipChat-connected user accounts and sent an email with instructions on how to regain access.

Some people may be impacted more than others, as Atlassian believes unauthorized persons may have accessed not only user account information, such as name, email address, and hashed passwords, but also likely room metadata. The company said that in less than 0.05 percent of instances, messages and content could also have been compromised. Atlassian said it’s working with affected users to fix any problems.

However, more than 99 percent of users are not believed to have been inconvenienced by this hacking incident.

In a blog post, Ganesh Krishnan, Atlassian’s chief security officer, wrote: “While HipChat Server uses the same third-party library, it is typically deployed in a way that minimizes the risk of this type of attack. We are preparing an update for HipChat Server that will be shared with customers directly through the standard update channel.”

VB Event

The AI Impact Tour – Atlanta

Continuing our tour, we’re headed to Atlanta for the AI Impact Tour stop on April 10th. This exclusive, invite-only event, in partnership with Microsoft, will feature discussions on how generative AI is transforming the security workforce. Space is limited, so request an invite today.
Request an invite

He continued: “We are confident we have isolated the affected systems and closed any unauthorized access.”

The company said it’s working with law enforcement to investigate the breach.

VB Daily - get the latest in your inbox

Thanks for subscribing. Check out more VB newsletters here.

An error occured.