HipChat resets user passwords after hacker steals names, emails, more

There's no evidence to suggest financial data was accessed For those who found themselves unable to log into popular chat service HipC...

There's no evidence to suggest financial data was accessed

For those who found themselves unable to log into popular chat service HipChat recently, here’s why: An unknown intruder broke into one of its servers over the weekend, forcing the company to reset users’ passwords as a precaution.

In a security notice on the firm's blog, Atlassian’s Chief Security Officer, Ganesh Krishnan, writes that the incident was the result of a vulnerability in a “popular third-party library.”

The attacker may have accessed user account information such as names, email addresses, and hashed passwords, along with metadata such as room names and topics. The post notes that HipChat hashes passwords using bcrypt with a random salt.

In a small number of instances – under 0.05 percent – messages and content posted in rooms may have been accessed, but there’s no evidence of any financial and credit card information being stolen. Additionally, no other Atlassian products, such as Trello and Jira, were compromised during the attack.

After invalidating all the passwords on HipChat-connected accounts, the company sent out emails with instructions on how to reset the login credentials. If you’re a user who didn’t receive an email, the security team has found no evidence you were affected.

“While HipChat Server uses the same third-party library, it is typically deployed in a way that minimizes the risk of this type of attack. We are preparing an update for HipChat Server that will be shared with customers directly through the standard update channel,” states the blog post.

“We are confident we have isolated the affected systems and closed any unauthorized access,” added Krishnan.

Atlassian said it is now working with law enforcement on the investigation of this matter.


http://www.techspot.com/news/69080-hipchat-resets-user-passwords-after-hacker-steals-names.html
Name

English News techspot.com
false
ltr
item
Techno - Gampong IT - Reference Information Technology: HipChat resets user passwords after hacker steals names, emails, more
HipChat resets user passwords after hacker steals names, emails, more
http://www.techspot.com/images2/news/bigimage/2017/04/2017-04-25-image-2.png
Techno - Gampong IT - Reference Information Technology
http://techno.gampongit.com/2017/04/hipchat-resets-user-passwords-after.html
http://techno.gampongit.com/
http://techno.gampongit.com/
http://techno.gampongit.com/2017/04/hipchat-resets-user-passwords-after.html
true
7281475864779722461
UTF-8
Tidak ditemukan artikel apapun LIHAT SEMUA Selengkapnya Balas Batal Balas Hapus Oleh Beranda HALAMAN ARTIKEL Lihat Semua REKOMENDASI LABEL ARSIP SEARCH SEMUA ARTIKEL Tidak ditemukan posting yang sesuai dengan permintaan Anda Halaman Utama Minggu Senin Selesa Rabu Kamis Jumat Sabtu Min Sen Sel Rab Kam Jum Sab Januari Februari Maret April Mei Juni Juli Agustus September Oktober November Desember Jan Feb Mar Apr Mei Jun Jul Agu Sep Okt Nov Des baru saja 1 menit lalu $$1$$ minutes ago 1 jam lalu $$1$$ hours ago Kemarin $$1$$ days ago $$1$$ weeks ago lebih dari 5 minggu yang lalu Pengikut Ikuti KONTEN PREMIUM Silakan share untuk membuka Salin Semua Code Pilih Semua Code Semua kode disalin ke clipboard Anda Tidak dapat menyalin kode/teks, silakan tekan [CTRL] + [C] (atau CMD + C dengan Mac) untuk menyalin