[HN Gopher] Atlassian says recent data leak stems from third-par...
       ___________________________________________________________________
        
       Atlassian says recent data leak stems from third-party vendor hack
        
       Author : mikece
       Score  : 35 points
       Date   : 2023-02-16 17:47 UTC (5 hours ago)
        
 (HTM) web link (www.bleepingcomputer.com)
 (TXT) w3m dump (www.bleepingcomputer.com)
        
       | trynewideas wrote:
       | Envoy, specifically, a startup that manages physical workplace
       | access (ie. "Empower employees to reserve a desk in the
       | workplace"), all with redundant storage of potentially sensitive
       | employee information, like names, phone numbers, ID documents,
       | legal agreements, physical access badge data and photos, etc.
       | 
       | Kind of surprised we haven't heard more about hacks among the
       | proliferation of underbaked startups that backfill basic
       | workplace and HR services.
        
         | programmarchy wrote:
         | But they're SOC 2! /s
        
           | trynewideas wrote:
           | brb, getting my security team to endorse closing offices and
           | going remote work-only because it _reduces_ our online attack
           | surface
        
       | autoexec wrote:
       | Atlassian decides which vendors they use and which vendors have
       | access to their data. It's Atlassian's responsibility to protect
       | the data that they have and to make sure that anyone they share
       | that data with is taking similar steps. This is Atlassian's
       | failure, their fault, and their responsibility. Hopefully they
       | are right and no customer data was at risk.
        
       | tmn007 wrote:
       | According to Envoy CEO the Atlassian API key was compromised. Not
       | saying how.
        
       ___________________________________________________________________
       (page generated 2023-02-16 23:03 UTC)