
For further questions, please reach out to your support representative or file a ticket here. On December 15, based on their research, we simplified the self-service invalidation of tokens following a password change for Cloud users: a separate user logout is no longer required to invalidate the current session token. December 22: We would like to thank CloudSek for alerting us to this issue. If you have further questions, please reach out to our team by filing a support ticket. One of Japan’s and Asia’s largest cryptocurrency exchange Coincheck has suffered a data breach in which unknown hackers have stolen 58 billion Yen of the virtual currency NEM (Nemu) (534 million 429 million) from its digital wallets. Server and Data Center customers can contact their administrators to reset their passwords. Cloud customers can reset their passwords here. If you have any concerns about the security of your account, we recommend that Cloud customers reset their passwords, which will automatically log users out of all active and current sessions. Contrary to previous cases of attacks on exchanges, hackers did not take advantage of vulnerabilities in the Blockchain code instead, they exploited the. We want to emphasize that this was an isolated customer incident caused by malware on the customer’s computer.Ĭybercriminals deploy malware as a means to obtain session token data, regardless of cloud or on-premise deployment. We understand that this incident has spurred many of you to look into the availability of your data on similar dark web marketplaces.

Our security team did not find a vulnerability in Atlassian Cloud or On-Premise products or a breach of Atlassian systems related to the incident.

This incident was in no way caused by a vulnerability in Atlassian products or a compromise of Atlassian systems. We promptly invalidated the customer’s affected session tokens.
TOKENS COINCHECK BREACH TOKENS VULNERABILITY ATTACKS SOFTWARE
On December 8, we concluded that the bad actor used session tokens, stolen by a piece of malicious software on the customer's computer, to facilitate this access. On Decem(UTC), Atlassian's security team opened an investigation into unauthorized access of a customer's Cloud account.
