Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Atlassian's response to the Envoy Data Incident

Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 23, 2023

On February 15, 2023 we learned that data from Envoy, a third-party app that Atlassian uses to coordinate in-office resources, was compromised and published. Atlassian product and customer data is not accessible via the Envoy app and therefore not at risk.

A hacking group compromised Atlassian data from the Envoy app using an Atlassian employee’s credentials that had been mistakenly posted in a public repository by the employee. As such, the hacking group had access to data visible via the employee account which included the published office floor plans and public Envoy profiles of other Atlassian employees and contractors.

The compromised employee’s account was disabled early in the investigation which was proven effective in eliminating any further threat to Atlassian’s Envoy data.

To learn more about our commitment to safeguard customer data and our Security Incident Management processes, visit our Security Practices page.

1 comment


Log in or Sign up to comment
Simon Pearce March 10, 2023

Thanks for the above. Could you guide us on the following:

  • How long did the attack go undetected?
  • When did the attack first occur?
  • What was the initial attack vector e.g. phishing email, software vulnerabilities etc.?
AUG Leaders

Atlassian Community Events