HipChat has just alerted its account users to change their password. The chat service has determined that a hacker broke into one of its servers. Fortunately, the company was able to immediately resolve the issue.
[status] Monitoring: The Atlassian account signup and login issues have been resolved (see http://status.atlass... https://t.co/UwX38TdvTK
— Atlassian HipChat (@HipChat) April 25, 2017
HipChat immediately made a precautionary measure to help protect its valued users by making the existing password of all affected accounts to be invalid. The company then began informing its users by sending an email giving instructions on how to reset their password.
Apparently, the company has discovered that someone has hacked one of its servers. The hacker was able to break into one of its servers. Unfortunately, there was a vulnerability in a third-party library.
The chat service said there was no proof that the hacker has accessed the Atlassian systems nor the Jira or Trello products. The chat service believes the hacker might have just accessed the profile of the users, such as the name, email address and password
Fortunately, released statement mentioned that only 0.05 percent of cases could have been accessed by the hacker, in terms of correspondence and content access. It just seems that the hacker might have just accessed the metadata of all the users of HipChat.com.
The released statement also mentioned that there was no evidence that more than 99 percent of the messages or room content were affected. Good enough reason for its users to be at peace.
More importantly, HipChat said that there was no proof that the hacker was able to touch any of its user's financial or credit card details. The chat service further assured that they will soon roll out a security update to secure their HipChat Server to avoid another case of hacking.
HipChat explained that its HipChat Server utilizes the same third-party library. However, the chat service also justified that in their setup, they have commonly deployed the library with minimal risk of hacking.
Meanwhile, there are some users who may be worried to have not received any email from the chat service. The company clarified that its Security Team will only email those users with affected account by the hacking incident.