HipChat resets passwords after hack

HipChat, the chat service of software company Atlassian, has reset its users’ passwords after a hack. The service warns that unauthorized persons may have had access to names, email addresses and hashed passwords.

In a warning on its site, the organization wrote that a “security incident” occurred over the weekend, related to a vulnerability in a “popular third-party software library”. It is a server in the HipChat Cloud.

As a result, an unauthorized party could have had access to sensitive data. In addition to the passwords, which are provided with a bcrypt hash and salt, chat room metadata may have been stolen. This includes the name and subject of the chat room.

HipChat goes on to say that the vast majority of message content was inaccessible. A small part, about 0.05 percent, may have been seen by the hackers. No other financial information was allegedly stolen. Other Atlassian services, such as Jira or Trello, are not affected. HipChat reports that an investigation is underway and an update is coming for HipChat Server.

HipChat is a business chat service for various platforms, which makes video calls possible, among other things. The functionality largely corresponds to that of competitor Slack.