
Check for HipChat breach notification

Priority Level: Moderate
1 May 2017

Users of Atlassian's HipChat workplace group chat tool are advised to check whether they are vulnerable following a security incident. Atlassian says it has contacted affected users with information about the incident, which potentially involved unauthorised access to sensitive data.

Atlassian has advised that it has invalidated passwords to potentially affected HipChat-connected user accounts and sent those users instructions to reset their passwords. This means those users will not be able to log on with their existing passwords. By requiring the reset, Atlassian is helping users avoid being rendered vulnerable by the breach.

If you use HipChat, you should check your email for these instructions, or for advice from the system administrator at your business. An Atlassian blog post advises that if you are a user of HipChat.com and have not received an email from its security team with these instructions, Atlassian has found no evidence that you are affected by this incident.

Atlassian also says it has no evidence that any of its other systems or products are affected.

The company says its security team detected an incident that may have resulted in unauthorised access to HipChat.com content. The data accessed may include user names, email addresses and passwords that the business says were protected using a technique called 'hashing'. Atlassian acknowledges that for 'less than 0.05 percent of instances', messages and content may have been accessed.

Atlassian says it found no evidence of access to financial or credit card information.

Atlassian says it has isolated the affected system and closed any unauthorised access.

Staying safe

When security breaches occur that may impact your data, you are reminded to change your passwords, monitor your accounts for unusual activity and seek advice from the service provider involved.

The incident is also a reminder to use a different password for each online service that you use. You should also ensure that each password is greater than 10 characters and includes a combination of upper and lower case letters, numbers and other symbols.

More information

Stay Smart Online has more information on creating tough passwords.

The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.