HipChat security notice follow-up—guest access reset

, Chief Security Officer | April 27, 2017

As shared in https://blog.hipchat.com/2017/04/24/hipchat-security-notice, our Security Intelligence Team detected a security incident affecting a server in the HipChat Cloud web tier earlier this week. Our ongoing investigation has not revealed any additional evidence of unauthorized access to content or data.

However, as an added precaution, we have reset guest access URLs for any HipChat rooms that have guest access enabled.

When a room admin turns on guest access in a room, HipChat generates a link that can be shared with people outside the organization, enabling limited (guest) access to that room.

  • Users may have received a notification inside the room indicating that this has occurred.
  • Any current users who have joined a room via guest access will have to be re-invited using the new URL link provided for the room. You can read more about how to find and share this link in our HipChat documentation— https://confluence.atlassian.com/hipchat/guest-access-740001159.html.
  • Existing guest access URLs will no longer function.

As a reminder, this is an ongoing investigation, and Atlassian is actively working with law enforcement authorities on the investigation of this matter.

If you have any questions or concerns, please contact us at support@hipchat.com.