Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Security Advisory - Password Change request from JIRA Support

MJM I'm New Here Jul 21, 2021

I'm confused about the email I received an email from Atlassian Security Team, and I am confused. Here is the email I received.

Hi,

We have recently discovered that we have stored passwords for the personal email account/s you have used to login and pull in emails to Jira Cloud as plaintext files in an encrypted database. To add an extra layer of security, we have updated our processes to ensure that email account passwords are encrypted with a custom key before they are stored in the encrypted database. The database was only accessible to a limited set of Atlassian engineers for the platform.

We've investigated all access and audit logs and have not found any signs of unauthorized access. However, out of an abundance of caution, we recommend that you reset your email account/s password for the email address you have connected with Jira Cloud as Incoming Mail servers.

To list which accounts are impacted, Please check the list of Incoming Mail servers set for Jira Cloud Instances you own (any email address that is not username@instance_name.atlassian.net would be personal).

In the Jira Admin section:

1.

Choose Settings > System.

 

2.

Select Mail > Incoming Mail.

We are committed to implementing the best security practices for our customers and improving our processes, and apologize for any inconvenience this may cause.

 

Here's my Question:

 

Does this only apply to Incoming Mail accounts under the Settings > System > Mail > Incoming Mail?

 

Or does it also apply to the mail accounts set up for the Project under Project Settings > Email Requests?

Or am I changing the password for my actual SMTP account?

1 answer

1 accepted

0 votes
Answer accepted
Jack Community Leader Jul 21, 2021

I received the same and checked with Atlassian on this for further information. In the end it only applies to the incoming email handlers as mentioned in the directions.

MJM I'm New Here Jul 22, 2021

I'm still a little confused. I have only have the "jira@xxxxx.atlassian.net" Cloud Mail Server Listed.

How would I go about changing that password?

 

Incoming Mail

Set up your incoming mail server

Here are the current mail servers that are configured for Jira.

NameUsernameHost NameAuthentication TypeActions

Default Cloud Mail Serverjira@xxxxx.atlassian.net  
  •  
  •  
Default Cloud Mail Serverjira@xxxxx.atlassian.net
Jack Community Leader Jul 23, 2021

You would not change the password associated with that email. If that’s the only one you have I’m not sure why you would have received the security email TBH. Is it possible that at one time you had inbound emails configured and later removed? In any event you certainly are welcome to reach out to Atlassian support to find out more.

Suggest an answer

Log in or Sign up to answer
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you