The Hacker News — Cyber Security, Hacking, Technology News

Atlassian's group chat platform HipChat is notifying its users of a data breach after some unknown hacker or group of hackers broke into one of its servers over the weekend and stole a significant amount of data, including group chat logs.

What Happened?

According to a security notice published on the company's website today, a vulnerability in a "popular third-party" software library used by its HipChat.com service allowed hackers to break into its server and access customer account information.

However, HipChat did not say exactly which programming blunder the hackers exploited to get into the HipChat cloud server.

What type of Information?

Data accessed by the hackers include user account information such as customers' names, email addresses and hashed password information.

Besides information, attackers may have obtained metadata from HipChat "rooms" or groups, including room name and room topic. While metadata is not as critical as direct messages, it's still enough to identify information that's not intended to be public.

Worse yet, the hackers may also have stolen messages and content in chat rooms, but in a small number of instances (about 0.05%). There has been no sign that over 99% of users' messages or room content was compromised.

Fortunately, there's no evidence that the attackers have accessed anyone's credit card or financial information.

Who are not affected?

HipChat users not connected to the affected third-party software library are not affected by the data breach.

Other Atlassian properties also are safe, as the company claimed that there is no evidence to suspect that other Atlassian systems or products like Jira, Confluence, or Trello have been affected by the hack.

To Worry or Not to Worry?

There's no need to panic, as the passwords that may have been exposed in the breach would also be difficult to crack.

Atlassian Chief Security Officer Ganesh Krishnan noted that HipChat hashes all passwords using the bcrypt cryptographic algorithm, with a random salt.

The data is hashed with bcrypt, which transforms the passwords into a set of random-looking characters, and makes the hashing process so slow that it would literally take centuries to brute-force all of the HipChat account passwords.

For added security, HipChat also "salted" each password with a random value before hashing it, adding additional protection against possible decryption.

However, data breaches like this are made worse by the fact that there have been so many breaches prior to it, and secondly, that majority of users make use of the same or similar passwords for their multiple accounts.

So, it doesn't take much for hackers to cross reference a user's username or email address in a database from a previous breach and find an old password, placing users at greater risk of a hack.

How Many victims?

HipChat did not say how many users may have been affected by the incident, but the company is taking several proactive steps to secure its users.

What is HipChat doing?

As a precaution, HipChat has invalidated passwords on all potentially affected HipChat-connected accounts, and emailed password reset instructions, forcing every user to reset their account password.

The company is also attempting to track down and fix the security vulnerability in the third-party library used by its service that allowed for the breach.

In response to the attack, the company is also updating its HipChat Server that will be shared with its customers directly through the standard update channel.

HipChat has also isolated the affected systems and closed any unauthorized access.

HipChat parent company Atlassian is also actively working with law enforcement on the investigation of this matter.

What Should You Do Now?

For the Obvious reasons, all HipChat customers are highly recommended to change their passwords as soon as possible.

You should also particularly be alert of the Phishing emails, which are usually the next step of cyber criminals after a breach. Phishing is designed to trick users into giving up further details like passwords and bank information.

Last year, Iran blocked Telegram and many other social networks after their founders refused to help Iranian authorities to spy on their citizens.

Now it looks like Iranian government wants tighter controls on all foreign messaging and social media apps operating in the country that will give the authorities a wider ability to monitor and censor its people.

All foreign messaging and social media apps operating in Iran have one year to move 'data and activity' associated with Iranian citizens onto servers in Iran, Reuters reported.

In order to comply with the new regulations, the companies would need to set up data centers in Iran within one year, but apps may lose a larger number of users by moving data onto Iranian servers.

However, transferring data to Iran servers might not be enough, as some of the most popular messaging services like WhatsApp, Apple iMessage, and Telegram are offering end-to-end encrypted communication i.e. nobody in between, not even WhatsApp can read the content of your messages.

Just two weeks back Iranian authorities arrested eight women with involvement in online “un-Islamic” modeling photographs without wearing the compulsory headscarf, and their Instagram page has been shut down, along with Facebook pages and business websites.

"Telegram's data centres are to be moved inside the country so they can delete what they want and arrest who they want," @Mehrdxd said in a tweet.

$19 Billion / 450 million users  = $42.22 per user

"Facebook Mobile Messenger is widely used for chatting with your Facebook friends, and WhatsApp for communicating with all of your contacts and small groups of people. Since WhatsApp and Messenger serve such different and important uses, we will continue investing in both and making them each great products for everyone." Mark Zuckerberg added.