HipChat hacked: Users' messages ‘may have been accessed’ by cyber criminals

The company has invalidated passwords and kicked off an investigation into the incident

Aatif Sulleyman
Tuesday 25 April 2017 09:24 EDT
Comments
Atlassian, which owns HipChat, is also behind popular workplace services Trello and Jira
Atlassian, which owns HipChat, is also behind popular workplace services Trello and Jira (Facebook/HipChat)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

HipChat has revealed that it was targeted by hackers over the weekend.

The instant-messaging service says the attackers “may have” gained access to users’ names, email addresses and “hashed” passwords.

Hashing passwords means scrambling them into complex sequences of characters that are designed to be difficult for hackers to crack.

However, most worrying of all is that there’s a chance the attackers also got their hands on messages and content in private chats.

HipChat says this is a possibility for less than 0.05 per cent of instances, but even so, this could cause affected users serious concern, inconvenience and embarrassment.

“We are contacting and will work closely with these customers,” wrote Ganesh Krishnan, HipChat’s chief security officer, in a blog post.

“The incident involved a vulnerability in a popular third-party library used by HipChat.com.”

HipChat has invalidated users’ passwords and sent them instructions on how to reset them.

Users concerned about the hack should update their login details for other services immediately.

HipChat says it is “confident” it has isolated the affected systems and closed any unauthorised access, and is working with law enforcement to investigate the incident.

“To reiterate, we have found no evidence of other Atlassian systems or products being affected,” adds the blog post.

Atlassian, which owns HipChat, is also behind popular workplace services Trello and Jira.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in