A WEB SERVICE FOR INTERNAL OR ONE ON ONE CHATS, has been breached, and users told that passwords must be torched.
HipChat, which does sound like an app for hipster chat to us, is a bit more pedestrian than that. It has been around since 2010 and is a freemium product that is available across the board as web-based software and as an app.
It also joined a list of companies that have been breached and had to come forward to tell their users that that has happened and that passwords need to be changed. Fortunately there is a third party to blame, plus not all users are affected.
"This weekend our Security Intelligence Team detected a security incident affecting a server in the HipChat Cloud web tier. The incident involved a vulnerability in a popular third-party library used by HipChat.com," explained the firm.
"As a precaution, we have invalidated passwords on all HipChat-connected user accounts and sent those users instructions on how to reset their password. If you are a user of HipChat.com and do not receive an email from our Security Team with these instructions, we have found no evidence that you are affected by this incident."
There is more to this, of course. and HipChat said a range of information has been plundered. This includes things specific to the service like room details, messages and content from those rooms.
Good news comes at the end, financial details appear to be unmolested, and the boys in blue have already been called in.
"We are preparing an update for HipChat Server that will be shared with customers directly through the standard update channel," added the firm.
"We are confident we have isolated the affected systems and closed any unauthorized access. To reiterate, we have found no evidence of other Atlassian systems or products being affected. This is an ongoing investigation." µ
But don't expect laptop prices
Vulnerability targets hardware created by Infineon Technologies
Expect something commercial in 2019
Ex-employees say bugs were stolen and used in future attacks