In response to the breach, HipChat parent company Atlassian has taken to invalidating the accounts for all HipChat-connected accounts that may have been affected.
Krishnan reckoned "less than 0.05 per cent" of HipChat.com "messages and content in [chat] rooms may have been accessed", and that his team has found "no evidence of unauthorized access to financial and/or credit card information".
The attacker may have accessed user account information such as names, email addresses, and hashed passwords, along with metadata such as room names and topics. "We have found no evidence of other Atlassian systems or products being affected". In 2015, HipChat reset user passwords after detecting and blocking suspicious activity in which account information was stolen from less than 2 percent of its users. Atlassian bought Hipchat in 2012 - the service itself was founded in 2010 - and it's one of the many pieces of business software alongside Jira, Confluence and Trello that the company operates.
Krishnan failed to provide an exact ETA, but said the company is preparing an updated version of the server that it will push through the standard update channel.
Fox News bro Jesse Watters makes blowjob joke about Ivanka Trump
The comment fell flat among his co-hosts, and Kimberly Guilfoyle quickly moved on to the next question. Trump made while in Berlin, Germany at an event dedicated to female entrepreneurship.
While HipChat Server uses the same third-party library that was compromised, it is generally deployed in a way that is expected to minimise the risk of the type of attack resulting in this particular incident, according to Krishan. "Such an approach goes a long way to ensuring that a breach such as this one is identified and dealt with as quickly as possible".
"The positive here is how quickly they have acted, password resets are good and notifying affected users quickly is a major plus", argued Eset IT security specialist, Mark James. They are also continuing in the investigation of how such a breach could have happened and who was responsible. It noted that any accessed passwords would be hard to crack given the data is salted and hashed with the bcrypt algorithm.
"The question is, was this a known vulnerability?"
"However, if the vulnerability was known then this is another case where security best practice - vulnerability and patch management - would have nearly certainly prevented the breach".
Comments