HipChat Compromised / Password Reset
As a notice to our fellow LET members, this has just arrived in my mailbox.
HipChat is part of Atlassian.
"Hello,
This weekend, our Security Intelligence Team detected an incident affecting HipChat.com that may have resulted in unauthorized access to user account information (including name, email address and hashed password). HipChat hashes passwords using bcrypt with a random salt. In our security investigation, we found no evidence of unauthorized access to financial and/or credit card information. We can also confirm that we have found no evidence of other Atlassian systems or products being affected.
As an added precaution, we have reset the password for your HipChat account. Please go to https://www.hipchat.com/forgot_password and enter your email address to trigger a password reset email for your www.hipchat.com account.
If you have been using your HipChat password on other sites, services or online accounts, we recommend that you immediately change those passwords as well.
Please refer to the HipChat Blog at http://blog.hipchat.com for additional information about this incident. We regret any disruption this may have caused and appreciate your immediate attention. If you have questions, please do not hesitate to contact HipChat Support via our support portal or by sending email directly to [email protected].
– Ganesh Krishnan, Chief Security Officer"
Comments
Idk them.
HipChat sounds like something that only massive cunts would use.
WORLDSTAR HIPCHAT!
Fuck 'em.
This service is part of Atlassian, quite... Huge company.
So, their users will get more spam.
At this point I don't even care who is compromised anymore. I just care who admits it.
It's actually quite a good solution, used it a couple of times.
There are other, better solutions out there however.
== Millennials.
The biggest security vulnerability in hipchat is that it starts every call with video automatically turned on.
Gaffer tape. Always.
It's Atlassian's business chat product with paid tiers like Slack. It's not a Snapchat, Facebook Messenger, or other free data harvesting message app competitor.
Yeah, HipChat okay. Slack is better if self-hosting isn't something that's needed.
I know, ok. I use Atlassian's products. The name is still vomit inducing.
Agreed.
What about the fact that all pasted images are hosted publicly on AWS? I think forever....
Hipchat was a pretty easy-to-use group chat solution in the world before Slack, Discord and self-hosted rocketchat. (2010-2011 I think)
I especially like the panic reaction to reset all passwords and to send out new ones by email. That's great!
After all, "secure chat servers" tend to be much better protected - and protectable! - than email servers. Maybe a panic reaction like that was the attackers' plan in the first place. As in "create some panic and massive password resets by attacking the chat thingy. Then hack and link into their email server and collect all passwords comfortably", hehe
They said that their passwords/credit cards are safe. What damage would this breach do, apart from attackers getting usernames and "personal information"?
Let me translate their statement "In our security investigation, we found no evidence of unauthorized access to financial and/or credit card information"
Translation: "We are so utterly stupid fucks that we insanely put everything into one system. We do vaguely hope, however, that the hackers didn't make use of our excessive stupidity. Moreover our 'analysis' found no 'you're hacked' credit card info which offers us the chance to vaguely assert that our users haven't been 100% but only 70% fucked in their rear with cacti"
Yeah, it was an interesting alternative to Skype or XMPP at the time. It had more features than basic XMPP, but not the video or desktop sharing of Skype.
I surely hope that they've lost their ability to process any offline/CNP transactions..