Australian enterprise software company Atlassian has notified users of its HipChat service that they have suffered a breach, which resulted in the compromise of names, usernames, email addresses, and encrypted passwords of less than 2 percent of registered users.
HipChat is group chat and IM service aimed at teams and other collaborators.
Luckily, it seems that the attackers could not access payment information. Also, that the company encrypted the stored passwords well.
“While HipChat passwords are one-way encrypted (hashed and salted), as an added precaution we have triggered a password reset for all affected HipChat user accounts and all Atlassian services that share the same email address,” shared Craig Davies, the head Atlassian’s security team.
Affected users will be notified of the incident personally, but all users are invited to change their passwords as a precaution.
“As a reminder, always avoid using simple passwords based on dictionary words and never use the same password on multiple sites or services,” Davies advised. Given that the company hashes and salts the password, choosing a long and strong one practically guarantees that hackers won’t be able to crack it.
Nevertheless, users should also be on the lookout for phishing emails impersonating HipChat.