HipChat hacked, co. invalidates all passwords as countermeasure


Workplace chat platform HipChat has become the newest victim of a cyberattack. The Atlassian company announced the news over the weekend. According to the reports, the attack was due to a vulnerability in a third-party library used by HipChat.com.

The attack affected a server in the HipChat Cloud web tier, though only to a limited extent. But evidence suggests that content and messages in the rooms may have been accessed; these include details like names, email addresses and even hashed passwords.

HipChat Chief Security Officer Ganesh Krishnan noted that HipChat hashes passwords using bcrypt with a random salt. “As a precaution, we have invalidated passwords on all HipChat-connected user accounts and sent those users instructions on how to reset their passwords,” said Krishnan.

“If you are a user of HipChat.com and do not receive an email from our Security Team with these instructions, we have found no evidence that you are affected by this incident.”

There’s no evidence the breach impacted other Atlassian systems, like Jira, Confluence or Trello. “We are confident we have isolated the affected systems and closed any unauthorized access,” Krishnan wrote.

“While HipChat server uses the same third-party library, it is typically deployed in a way that minimizes the risk of this type of attack,” said Krishnan. “We are preparing an update for HipChat Server that will be shared with customers directly through the standard update channel.”