Security Experts:

Connect with us

Hi, what are you looking for?


Data Breaches

Atlassian Investigating Security Breach After Hackers Leak Data

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy.

[UPDATED] Enterprise software giant Atlassian has launched an investigation after a hacker group leaked information belonging to the company. 

A threat actor named SiegedSec, whose members have claimed to be hacktivists, announced on its Telegram channel and hacking forums that it “hacked the software company Atlassian”. 

They made 35 Mb of files public. This includes two image files apparently storing floor plans of Atlassian buildings in San Francisco and Sydney, and one file allegedly containing the information of 13,000 Atlassian employees, including names, email addresses, and phone numbers. 

Atlassian is still investigating the incident, but it appears that the data stolen by the hackers is associated with workplace platform Envoy, which the software giant uses to coordinate in-office resources. Atlassian has pointed out that product and customer data was not at risk as it’s not accessible through the Envoy application. 

Indeed, the leaked file that seems to contain Atlassian employee records does include numerous references to Envoy. However, the workplace company said it wasn’t actually hacked. 

Envoy founder Larry Gadea said on Twitter that they are investigating the incident, but at the moment there is no evidence that the company’s systems have been breached. Instead, the attackers used an API key associated with Atlassian to access the data, “much like any other customer or user would do as part of regular service”.

SiegedSec has been around since February 2022, targeting dozens of organizations around the world. The hackers have defaced websites, hijacked online accounts, and leaked data allegedly stolen from victims. 

It’s not uncommon for hacker groups like SiegedSec to make exaggerated claims about their attacks. 

UPDATE: Envoy has provided SecurityWeek the following statement:

“Both Envoy and Atlassian security teams have been collaborating to identify the source of the data compromise. We found evidence in the logs of requests that confirms the hackers obtained valid user credentials from an Atlassian employee account and used that access to download the affected data from Envoy’s app. We can confirm Envoy’s systems were not compromised or breached and no other customer’s data was accessed.”

In addition, Atlassian explained that the credentials abused by the hackers were obtained from a public repository, where they had been mistakenly posted.

“The hacking group had access to data visible via the employee account which included the published office floor plans and public Envoy profiles of other Atlassian employees and contractors,” an Atlassian spokesperson said.

“The compromised employee’s account was promptly disabled early in the investigation which was proven effective in eliminating any further threat to Atlassian’s Envoy data,” they added.

Related: Atlassian Warns of Critical Jira Service Management Vulnerability

Related: CISA Warns of Attacks Exploiting Recent Atlassian Bitbucket Vulnerability

Related: Atlassian Expects Confluence App Exploitation After Hardcoded Password Leak

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.


Instant Checkmate and TruthFinder have disclosed data breaches affecting a total of more than 20 million users.

Data Breaches

Companies affected by the recent Mailchimp data breach have started notifying customers. The list includes WooCommerce, FanDuel, Yuga Labs and the Solana Foundation.

Data Breaches

AT&T is notifying millions of wireless customers that their CPNI was compromised in a data breach at a third-party vendor.

Data Breaches

Google Fi informs customers about a data breach related to the recent T-Mobile cyberattack and some users claim they were targeted in a SIM...

Data Breaches

GoDaddy recently discovered a hacker attack where a sophisticated threat group infected websites and servers with malware.