HipChat Warns of Security Breach, User Data May Have Been Compromised
HipChat developer and Australian software maker Atlassian announced that they had detected suspicious activity on computers using the HipChat messaging service. Atlassian further said that attackers had gained unauthorized access to customer information.
Craig Davies, Head of the Atlassian security division said that the information exposed to the hackers belonged to less than two percent of the clients and included names, usernames, email addresses, and passwords. Craig however did not divulge how the hackers managed to gain entry into HipChat system but said that the security team managed to block the intrusion as soon as it was discovered but not before some 2% of its user base was exposed in a post made on the HipChat website.
Atlassian’s security team has discovered and blocked suspicious activity on the HipChat service that resulted in unauthorized access to names, usernames, email addresses, and encrypted passwords for a very small percentage (<2%) of our users. We have no evidence that any payment information was accessed.
While HipChat passwords are one-way encrypted (hashed and salted), as an added precaution we have triggered a password reset for all affected HipChat user accounts and all Atlassian services that share the same email address. If you have not received communication from us, we do not believe you were affected. However, you can easily change your password here. As a reminder, always avoid using simple passwords based on dictionary words and never use the same password on multiple sites or services.
We take our responsibility to protect you and your data very seriously, and we’re constantly enhancing the security of our service infrastructure to keep you and your data safe. While recent events with other large services have demonstrated this type of activity is increasing, so too is our vigilance in blocking and addressing it.
If you have any questions or concerns, please contact us at [email protected].
HipChat is a Web service for private chat and instant messaging. As well as one-on-one and group/topic chat, it also features cloud based file storage, video calling, searchable message history and inline image viewing. HipChat is a cross platform messaging App and is available for download for Windows, Mac or Linux, as well as Android and iOS smartphones and tablets.
It is currently based on a freemium model, as much of the service is free with some additional features requiring organizations to pay $2 per user per month.
HipChat also recently surpassed the billion message mark and has been growing in double digits per month. As of January 2014, it was estimated that the service handles 60 messages per second and boasts 1.2 billion messages stored and half a terabyte of searchable data.