Latest in Gear

Image credit: Getty Images/iStockphoto

HipChat resets all passwords after hackers break in

The attacker got an unknown amount of names, emails and hashed passwords -- but likely not financial data.
550 Shares
Share
Tweet
Share
Save

Sponsored Links

Getty Images/iStockphoto

Today, Hipchat alerted its users that someone broke into one of its servers through a vulnerability in a third-party library. The chat service saw no evidence that other Atlassian systems or products like Jira or Trello were affected, but they're forcing every user to reset their HipChat-connected account password as a precaution.

According to the service's blog post, the attacker might have gotten access to user information (including name, email and hashed password) of anyone using HipChat.com. There's been no sign that over 99 percent of users' messages or room content was compromised, though the attacker could have accessed that portion's metadata. A small fraction (.05 percent) of instances might have been wide open to the hacker, who would have been able to see correspondence and content. Fortunately, no evidence has suggested that the attacker has accessed anyone's financial or credit card information.

"While HipChat Server uses the same third-party library, it is typically deployed in a way that minimizes the risk of this type of attack," the blog post said, but the service will roll a security update out for Hipchat Server just to be sure.

Source: HipChat
In this article: Atlassian, gear, hack, hipchat, services, TL17HXR
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
550 Shares
Share
Tweet
Share
Save
Comments

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr