A little known hacking crew called SiegedSec posted data on what appears to be thousands of Atlassian employees and floor plans for two of the Australian software vendor’s offices.
The employee file posted online Wednesday contains more than 13,200 entries and a cursory review of the file appears to show multiple current employees’ data, including names, email addresses, work departments and other information. The floor plans are for one floor of the company’s San Francisco office and another for its Sydney, Australia, office.
“THATS RIGHT FOLKS, SiegedSec is here to announce we have hacked the software company Atlassian,” a message posted with the files says. “This company worth $44billion has been pwned by the furry hackers uwu.”
“On February 15, 2023 we learned that data from Envoy, a third-party app that Atlassian uses to coordinate in-office resources, was compromised and published,” an Atlassian representative told CyberScoop in an email Thursday. “Atlassian product and customer data is not accessible via the Envoy app and therefore not at risk. The safety of Atlassians is our priority, and we worked quickly to enhance physical security across our offices globally. We are actively investigating this incident and will continue to provide updates to employees as we learn more.”
An Australian company currently valued at roughly $46 billion, Atlassian makes software for project management and collaboration such as Trello, Jira and Confluence. The company, which has offices around the world, earned $2.8 billion in revenue in fiscal year 2022 and had more than 242,000 customers as of August 2022, the company reported at the time. The statement also said the company had 8,813 employees.
On June 2, 2022, the company disclosed a critical vulnerability in the Confluence Server and Data Center software that allowed attackers to execute arbitrary code on victims’ machines. The next day the company issued a fix for the problem that had been used by “multiple threat groups and individual actors,” Steven Adair, president of incident response firm Volexity, tweeted at the time.
SiegedSec, which launched a Telegram channel in April 2022, made headlines in in June 2022 after claiming to have hacked “internal documents and files retrieved from Kentucky’s and Arkansas’ government server,” The Record reported at the time. The hack came in response to abortion bans amid a wave of hacktivist activity in the wake of the Dobbs v. Jackson Supreme Court ruling that reversed Roe v. Wade.
