Dive Brief:
- Popular messaging service HipChat invalidated user passwords, triggering a password reset, after the company’s Security Intelligence Team last weekend detected a vulnerability in a third-party library used by HipChat.com. The company said there was no evidence any other Atlassian products or systems were impacted.
- The company said the incident may have resulted in unauthorized access to content from the HipChat.com service, including user account information, passwords and room metadata. For a small number of instances, messages and content in rooms may have been accessed, according to a post by HipChat chief security officer Ganesh Krishnan.
- The company said it’s found no evidence of unauthorized access to financial or credit card information. "We are confident we have isolated the affected systems and closed any unauthorized access," wrote Krishnan, who added that parent company Atlassian is currently working with law enforcement to investigate the incident.
Dive Insight:
If cybercriminals gain access to employee communications, they essentially have the keys to the kingdom. Not only could they access a huge amount of proprietary information such as sales data, internal announcements and emails, but they could also use that information to launch ransomware attacks or to send spoofed emails from corporate leaders in order to obtain money or gain even more valuable data.
The popularity of enterprise messaging services is on the rise. Incidents like the one at HipChat can cause companies to think twice about trusting third parties with critical company data and communications.
But even with the breach, companies still need workplace communication technology in place. For a provider, it comes down to a quick response and full disclosure about exactly what happened to ensure customers stay loyal.