Atlassian suffers data breach, downtime

Powered by SC Magazine
 

Company founder apologises to affected customers.

Australian social media software developer Atlassian has suffered a web site outage after a swarm of customers came to the site seeking information on a data breach.

Customers swamped Atlassian's web servers after the company advised them to change their passwords following a data breach.

The breach was detected Monday morning and potentially exposed passwords for customers who purchased Atlassian products before July 2008.

In an attempt to be as "open as possible", the company notified all customers to change their usernames and passwords. 

In a blog post, Atlassian co-founder Mike Cannon-Brookes said the notification led to "hundreds of thousands of accounts changing passwords simultaneously", causing its web servers to "crumple and cause yet more user alarm."

"We apologise for the extra consternation this caused - our web servers are now back purring along as normal. In summary - we've made mistakes, we're sorry and we're fixing them," he said.

Cannon-Brookes warned customers who haven't already changed their details to "definitely change your password with us".

He also reaffirmed that no credit card or payment, financial or SaaS-customer information was accessible or exposed.

"The worst case here, which we take very seriously, is that the password used by customers that purchased before June 2008 to logon to http://my.atlassian.com was exposed," he said.

Atlassian has a number of high profile customers including the Queensland Office of Gaming Regulation, Roads and Traffic Authority (NSW, Australia), the US Supreme Court, the National Library of Australia and Microsoft.

Cannon-Brookes said Atlassian migrated its customer database to the encrypted Atlassian Crowd single sign-on in July 2008. However, the old database table was not taken offline or deleted.

Cannon-Brookes admits the company "made a big error. For this we are, of course, extremely sorry.

"In hindsight, we should have reset passwords for affected users on their behalf."

Cannon-Brookes said the company is "feverishly researching the breach. Once we've concluded our investigation, we'll provide another update."

Atlassian had not responded to calls for further comment at the time the story went to press.


 
 
 