Atlassian suffers data breach, downtime

Powered by SC Magazine
 

Company founder apologises to affected customers.


Australian social media software developer Atlassian has suffered a web site outage after a swarm of customers came to the site seeking information on a data breach.

Customers swamped Atlassian's web servers after the company advised them to change their passwords following a data breach.

The breach was detected Monday morning and potentially exposed passwords for customers who purchased Atlassian products before July 2008.

In an attempt to be as "open as possible", the company notified all customers to change their usernames and passwords. 

In a blog post, Atlassian co-founder Mike Cannon-Brookes said the notification led to "hundreds of thousands of accounts changing passwords simultaneously", causing its web servers to "crumple and cause yet more user alarm."

"We apologise for the extra consternation this caused - our web servers are now back purring along as normal. In summary - we've made mistakes, we're sorry and we're fixing them," he said.

Cannon-Brookes warned customers who haven't already changed their details to "definitely change your password with us".

He also reaffirmed that no credit card or payment, financial or SaaS-customer information was accessible or exposed.

"The worst case here, which we take very seriously, is that the password used by customers that purchased before June 2008 to logon to http://my.atlassian.com was exposed," he said.

Atlassian has a number of high profile customers including the Queensland Office of Gaming Regulation, Roads and Traffic Authority (NSW, Australia), the US Supreme Court, the National Library of Australia and Microsoft.

Cannon-Brookes said Atlassian migrated its customer database to the encrypted Atlassian Crowd single sign-on in July 2008. However, the old database table was not taken offline or deleted.

Cannon-Brookes admits the company "made a big error. For this we are, of course, extremely sorry.

"In hindsight, we should have reset passwords for affected users on their behalf."

Cannon-Brookes said the company is "feverishly researching the breach. Once we've concluded our investigation, we'll provide another update."

Atlassian had not yet responded to calls for further comment at the time the story went to press.


 
 
 