On February 15, 2023 we learned that data from Envoy, a third-party app that Atlassian uses to coordinate in-office resources, was compromised and published. Atlassian product and customer data is not accessible via the Envoy app and therefore not at risk.
A hacking group compromised Atlassian data from the Envoy app using an Atlassian employee’s credentials that had been mistakenly posted in a public repository by the employee. As such, the hacking group had access to data visible via the employee account which included the published office floor plans and public Envoy profiles of other Atlassian employees and contractors.
The compromised employee’s account was disabled early in the investigation which was proven effective in eliminating any further threat to Atlassian’s Envoy data.
To learn more about our commitment to safeguard customer data and our Security Incident Management processes, visit our Security Practices page.
