HipChat Hacked: Usernames, Passwords And Messages Stolen From Popular Communications App
HipChat, a popular communications platform for businesses, warned users Monday it experienced a database breach, which may have compromised the names, email addresses and passwords of its users.
In additional to user information, HipChat warned users that metadata from company “rooms” or groups also may have been accessed, including room name and room topic. Worse yet, in a small number of instances, messages from a room may have been stolen.
Read: Payday Loans Online Data Breach: Personal Information From 250,000 People Stolen From Company
HipChat chief security officer Ganesh Krishnan assured users in a blog post Monday that less than 0.05 percent of instances included user messages, and passwords were “hashed” or encrypted using the popular encryption protocol bcrypt using a random salt, which adds additional protection against potential decryption.
Krishnan’s assessment, which basically says the situation could have been worse if the company wasn’t using standard best practices for security, amounts to the good news for HipChat users who may be affected by the breach.
The bad news is pretty much everything else since a significant amount of user data was compromised. While metadata may not be as explicitly exposing as direct messages, it’s still more than enough to discern information that may not have been intended to be public.
Email just came through, looks like @HipChat got popped. They were using bcrypt. pic.twitter.com/YWjHq2GblN
— Adam Chester (@_xpn_) April 24, 2017
In addition, breaches like this are made worse by the fact there have been so many breaches before it. It doesn’t take much for a hacker to cross reference a person’s username or email address in a database from a previous hack and find an old password. Since many people use the same or similar passwords for multiple accounts, it puts them at greater risk of a hack.
Read: Atlassian Acquires Trello, Popular Planning App, For $425 Million
In response to the breach, HipChat parent company Atlassian has taken to invalidating the accounts for all HipChat-connected accounts that may have been affected. Those users should see an email with instructions on how to reset passwords.
Atlassian is also attempting to track down and fix the issue that allowed for the breach, which apparently stemmed from a third-party library with an unpatched security vulnerability. The company noted HipChat users not connected to that library were unaffected, and other Atlassian properties also are safe.
© Copyright IBTimes 2024. All rights reserved.
-
French Air Traffic Controller Strike Threatens Flight Chaos
-
Azerbaijan Says 'Closer Than Ever' To Armenia Peace Deal Amid Border Talks
-
How UK's Biggest Water Supplier Sank Into Crisis
-
Taiwan Hit By Dozens Of Strong Aftershocks From Deadly Quake
-
Gaza Health System 'Completely Obliterated': UN Expert
-
In Ecuadoran Amazon, Butterflies Provide A Gauge Of Climate Change
-
50 Years On, Vintage Vehicles To Reenact Portugal's Carnation Revolution
-
Conflicts Push Military Spending To 'All-time High': Report
-
'Thank You, America:' Zelensky And Netanyahu Applaud House Passage Of Foreign Aid Package
-
Women Journalists Bear The Brunt Of Cyberbullying
