HipChat hacked: Users' messages ‘may have been accessed’ by cyber criminals

HipChat has revealed that it was targeted by hackers over the weekend.

The instant-messaging service says the attackers “may have” gained access to users’ names, email addresses and “hashed” passwords.

Hashing passwords means scrambling them into complex sequences of characters that are designed to be difficult for hackers to crack.

However, most worrying of all is that there’s a chance the attackers also got their hands on messages and content in private chats.

HipChat says this is a possibility for less than 0.05 per cent of instances, but even so, this could cause affected users serious concern, inconvenience and embarrassment.

“We are contacting and will work closely with these customers,” wrote Ganesh Krishnan, HipChat’s chief security officer, in a blog post.

“The incident involved a vulnerability in a popular third-party library used by HipChat.com.”

HipChat has invalidated users’ passwords and sent them instructions on how to reset them.

Users concerned about the hack should update their login details for other services immediately.

HipChat says it is “confident” it has isolated the affected systems and closed any unauthorised access, and is working with law enforcement to investigate the incident.

“To reiterate, we have found no evidence of other Atlassian systems or products being affected,” adds the blog post.

Atlassian, which owns HipChat, is also behind popular workplace services Trello and Jira.