I'm confused about the email I received an email from Atlassian Security Team, and I am confused. Here is the email I received.
Hi, | |||||
We have recently discovered that we have stored passwords for the personal email account/s you have used to login and pull in emails to Jira Cloud as plaintext files in an encrypted database. To add an extra layer of security, we have updated our processes to ensure that email account passwords are encrypted with a custom key before they are stored in the encrypted database. The database was only accessible to a limited set of Atlassian engineers for the platform. | |||||
We've investigated all access and audit logs and have not found any signs of unauthorized access. However, out of an abundance of caution, we recommend that you reset your email account/s password for the email address you have connected with Jira Cloud as Incoming Mail servers. | |||||
To list which accounts are impacted, Please check the list of Incoming Mail servers set for Jira Cloud Instances you own (any email address that is not username@instance_name.atlassian.net would be personal). | |||||
In the Jira Admin section: | |||||
| |||||
We are committed to implementing the best security practices for our customers and improving our processes, and apologize for any inconvenience this may cause. |
Here's my Question:
Does this only apply to Incoming Mail accounts under the Settings > System > Mail > Incoming Mail?
Or does it also apply to the mail accounts set up for the Project under Project Settings > Email Requests?
Or am I changing the password for my actual SMTP account?
I received the same and checked with Atlassian on this for further information. In the end it only applies to the incoming email handlers as mentioned in the directions.
I'm still a little confused. I have only have the "jira@xxxxx.atlassian.net" Cloud Mail Server Listed.
How would I go about changing that password?
Here are the current mail servers that are configured for Jira.
NameUsernameHost NameAuthentication TypeActions
Default Cloud Mail Server | jira@xxxxx.atlassian.net | |||
Default Cloud Mail Server | jira@xxxxx.atlassian.net |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You would not change the password associated with that email. If that’s the only one you have I’m not sure why you would have received the security email TBH. Is it possible that at one time you had inbound emails configured and later removed? In any event you certainly are welcome to reach out to Atlassian support to find out more.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.