Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Atlassian update regarding Cloudflare November 2023 incident

Dan Hranj
Dan Hranj
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 2, 2024

On February 1, Cloudflare has concluded its investigation of an incident that occurred in November 2023, during which a threat actor gained access to Cloudflare’s Atlassian Data Center instances. This was not because of any vulnerability in Atlassian software but rather was caused by a threat actor using Cloudflare’s access token that was part of Okta’s October 2023 breach.

Cloudflare concluded the threat actor was able to access its Atlassian tools using one access token and three service account credentials that were part of the Okta compromise of October 2023 that Cloudflare failed to rotate.

As a best practice, we recommend customers regularly rotate access credentials and prioritize this action after a large third-party compromise.

Comment
Watch
Like # people like this
2037 views

1 comment

Comment

Log in or Sign up to comment
Linux
Linux
Contributor
February 5, 2024

It's noticeable to say that an Atlassian customer doesn't got hacked by vulnerabilities in Atlassian Software this time. Because otherwise we would think it's one of the usual security defects greeting us regularly. Really thank you for letting us know it's completely different this time!

We wouldn't have noticed otherwise. Because just after the first two weeks of 2024, Confluence for example had it's first remote code execution security defect this year. The first one with a 10.0/10 score. Normally, the regularly RCEs "there only" gets around 9.x/10. Finally cracked the 10.0 score! Progress!

What should Atlassian customers do after each serious security gap in your software? Also change their passwords and pray that this helps against attackers who potentially could have been already executed code before the patch?

But at least there is another company to blame with even worse security this time. Well done! 👏

Like # people like this
Reply
groups-icon
Trust & Security
TAGS
AUG Leaders

Atlassian Community Events

    See all events