Security News > 2023 > February > Atlassian data leak caused by stolen employee credentials
Atlassian suffered a data leak after threat actors used stolen employee credentials to steal data from a third-party vendor.
Atlassian confirmed to BleepingComputer that the compromised data was from third-party vendor Envoy which they use for in-office functions.
"On February 15, 2023 we learned that data from Envoy, a third-party app that Atlassian uses to coordinate in-office resources, was compromised and published. Atlassian product and customer data is not accessible via the Envoy app and therefore not at risk," Atlassian told BleepingComputer.
"We're investigating this right now and are not aware of any compromise to our systems. Our initial research shows that a hacker gained access to an Atlassian employee's valid credentials to pivot and access the Atlassian employee directory and office floor plans held within Envoy's app," Envoy told BleepingComputer.
In a new statement from Envoy, the company states that there systems were not breached or compromised, but rather an Atlassian employee's credentials were stolen, allowing the threat actors to gain access to data stored in the Envoy app.
"Both Envoy and Atlassian security teams have been collaborating to identify the source of the data compromise. We found evidence in the logs of requests that confirms the hackers obtained valid user credentials from an Atlassian employee account and used that access to download the affected data from Envoy's app," Envoy told BleepingComputer.