Atlassian refutes a suspected flaw involving session cookies

December 19, 2022

The recent security incident in which a CloudSEK employee’s session cookies were compromised by an attacker has been making headlines. Several claims were linked to the issue, including that bad actors had exploited a suspected vulnerability in Atlassian products that let them take over active session cookies even after passwords were changed, sessions invalidated, and 2FA activated.

Upon learning of the CloudSEK issue, the relevant teams promptly contacted Atlassian, which then opened an investigation on its end. According to Atlassian’s security team, their investigation shows that the malicious actors targeted the employee’s active session tokens, which were stolen by malware that had infiltrated the affected machine.

Atlassian asserted that their products have no vulnerability that can affect customers’ session cookies.

Atlassian’s security team immediately invalidated the affected session cookies. Moreover, the tech firm said its investigation of the incident showed no sign of security vulnerabilities in its products or of a compromise of its systems.

Reiterating its stance, Atlassian emphasised that the CloudSEK incident was isolated and was caused by malware that had infiltrated the employee’s computer. Malware on a compromised machine can steal active session token data, and such infections are mostly set off by other attack methods such as phishing.

The tech firm advised all concerned individuals to secure their accounts by regularly updating passwords, activating multi-factor authentication, and logging out regularly to terminate all active sessions.

They also shared a link where customers could reset their passwords and recommended that customers contact their Server and Data Centre should they need further help with account security.

In the comment thread on Atlassian’s post, one user said that the incident should not have been deliberately blamed on Atlassian. Other comments, on the other hand, raised further questions about the tech firm’s statement, including how an active session cookie could be invalidated to prevent similar cases from happening.

Atlassian’s representative said that an organisation’s Cloud administrator could configure users’ idle session duration by creating new authentication policies or modifying existing ones in the admin settings.
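As an added illustration (not Atlassian’s code, and not a description of how Atlassian Cloud implements its policies), a minimal server-side session store shows why the two controls mentioned above matter: a stolen cookie keeps working only as long as the server still honours the session behind it, so an idle timeout and explicit invalidation on logout or password change both cut the window an attacker has. The timeout value, user names and function names are assumptions made for the example.

```python
import secrets

# Assumed policy value for the example: 15 minutes of inactivity.
IDLE_TIMEOUT = 15 * 60


class SessionStore:
    """Server-side store: a cookie is only as valid as the entry behind it."""

    def __init__(self):
        self._sessions = {}  # token -> {"user": str, "last_seen": float}

    def create(self, user, now):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "last_seen": now}
        return token

    def validate(self, token, now):
        """Return the user for a live token, or None. Refreshes last_seen."""
        s = self._sessions.get(token)
        if s is None:
            return None
        if now - s["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[token]  # idle expiry: the token stops working
            return None
        s["last_seen"] = now
        return s["user"]

    def invalidate_all(self, user):
        """Revoke every session of a user (log out everywhere / password change)."""
        stale = [t for t, s in self._sessions.items() if s["user"] == user]
        for t in stale:
            del self._sessions[t]
        return len(stale)


def demo():
    """Constructed scenario: a token copied off the user's machine."""
    store = SessionStore()
    t0 = 1_000_000.0
    token = store.create("alice", t0)
    # Within the idle window and with no invalidation, the copied token works.
    still_valid = store.validate(token, t0 + 60) is not None
    # Password change / "log out everywhere" revokes it on the server side.
    revoked = store.invalidate_all("alice")
    after_revoke = store.validate(token, t0 + 61) is None
    # A fresh token that sits idle past the policy window is rejected too.
    token2 = store.create("alice", t0)
    idle_expired = store.validate(token2, t0 + IDLE_TIMEOUT + 1) is None
    return still_valid, revoked, after_revoke, idle_expired
```

Changing a password alone does nothing to an entry the server still holds; only the revocation or the timeout removes it.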
