Atlassian Company Cyber Security Posture
atlassian.comAtlassian powers the collaboration that helps teams accomplish what would otherwise be impossible alone. From space missions and motor racing to bugs in code and IT requests, no task is too large or too small with the right team, the right tools, and the right practices. Over 300,000 global companies and 80% of the Fortune 500 rely on Atlassianโs software, like Jira, Confluence, Loom, and Trello, to help their teams work better together and deliver quality results on time. With our 300,000+ customers and team of 10,000+ Atlassians, we are building the next generation of team collaboration and productivity software. We believe the power of teams has the potential to change the worldโone that is more open, authentic, and inclusive.
Atlassian Company Details
atlassian
17274 employees
1866259.0
511
Software Development
atlassian.com
156
ATL_2964148
In-progress
Atlassian Risk Score (AI oriented)Between 900 and 1000
This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.
Atlassian Global Score.png)
Atlassian Company Scoring based on AI Models
| Model Name | Date | Description | Current Score Difference | Score |
|---|---|---|---|---|
| AVERAGE-Industry | 03-12-2025 | This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers. | N/A | Between 900 and 1000 |
Atlassian Company Cyber Security News & History
| Entity | Type | Severity | Impact | Seen | Url ID | Details | View |
|---|---|---|---|---|---|---|---|
| Atlassian | Vulnerability | 100 | 6 | 08/2021 | ATL0214622 | Link | |
Rankiteo Explanation : Attack threatening the economy of a geographical regionDescription: Atlassian discovered a vulnerability in its Confluence Server which they need to patch to remedy a Critical-rated flaw. Confluence Server Webwork OGNL injection vulnerability could allow an authenticated user, or unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. However, Atlassian's own Confluence Cloud was patched but other hosted Confluence offerings might be vulnerable. | |||||||
| Atlassian | Vulnerability | 100 | 5 | 06/2022 | ATL23554622 | Link | |
Rankiteo Explanation : Attack threatening the organization's existenceDescription: Atlassian warned its customers that multiple threat groups are exploiting a Confluence Server zero-day vulnerability in its servers. Any unauthenticated attackers can target its Confluence Server and Data Center by a critical vulnerability that can be exploited for remote code execution. The company advised its users have been advised to prevent access to their Confluence servers from the internet, or simply disable these instances, as all supported versions of Confluence Server and Data Center are affected. However, Atlassian expects fixes to become available soon. | |||||||
| Atlassian | Data Leak | 60 | 3 | 02/2023 | ATL195481023 | Link | |
Rankiteo Explanation : Attack with significant impact with internal employee data leaksDescription: Atlassian reveals a data leak that was brought on by the theft of employee login information that was then utilized to obtain data from a third-party vendor. More than 13,200 entries make up the employee file that was uploaded online, and a brief inspection of the file suggests that it contains data on many current employees, including names, email addresses, work departments, and other details. The threat actors obtained information from a third-party vendor using the employee login credentials they had stolen. The business emphasized that the event had no impact on consumer or network data. The business acknowledged the data breach and disclosed that Envoy, a startup that offers workplace management services to the Australian software giant, was the source of the leaked data. | |||||||
| Atlassian | Data Leak | 50 | 1 | 04/2017 | ATL116201123 | Link | |
Rankiteo Explanation : Attack without any consequencesDescription: Atlassian revealed that unidentified hackers gained access to a vast quantity of data from its group chat service HipChat by breaking into a cloud server owned by the business. Although Atlassian did not disclose the identity of the prominent third-party software library that was utilised by its HipChat.com service, the business claims that attackers took advantage of a weakness in the library. The business issued instructions on how to reset passwords to all users whose accounts were connected to HipChat and, as a precaution, invalidated the passwords on those accounts. The organisation claims that although hashed passwords, email addresses, and names were accessible to hackers, no financial information was revealed. | |||||||
| Atlassian | Vulnerability | 100 | 5 | 8/2024 | ATL000083124 | Link | |
Rankiteo Explanation : Attack threatening the organizationโs existenceDescription: Atlassian Confluence Data Center and Server versions were affected by a critical vulnerability identified as CVE-2023-22527, enabling threat actors to exploit the flaw for cryptomining campaigns. Due to the template injection vulnerability, remote attackers could execute arbitrary code, leading to unauthorized cryptocurrency mining using the organization's resources. This activity not only utilized the compromised infrastructure for mining but also had the potential to disrupt operations and financials through resource exhaustion and increase in operational costs. Atlassian released patches to address the issue, however, systems not updated remained at risk. | |||||||
Atlassian Company Subsidiaries
Atlassian powers the collaboration that helps teams accomplish what would otherwise be impossible alone. From space missions and motor racing to bugs in code and IT requests, no task is too large or too small with the right team, the right tools, and the right practices. Over 300,000 global companies and 80% of the Fortune 500 rely on Atlassianโs software, like Jira, Confluence, Loom, and Trello, to help their teams work better together and deliver quality results on time. With our 300,000+ customers and team of 10,000+ Atlassians, we are building the next generation of team collaboration and productivity software. We believe the power of teams has the potential to change the worldโone that is more open, authentic, and inclusive.
Access Data Using Our API
Get company history
Rapid.png)
Atlassian Cyber Security News
Cisco, Atlassian fixes, Ryuk member arrested, Viasat Typhoon attack
A 33 year old โforeign nationalโ has been arrested in Kyiv and extradited to the U.S., for his alleged role in extorting more than $100 millionย ...
Atlassian Warns of Multiple High-Severity Vulnerabilities Hits Data Center Server
The bulletin highlights several critical dependencies containing exploitable flaws across Atlassian's product line. Four distinct denial-of-ย ...
Vulnerabilities Patched in Atlassian, Cisco Products
Confluence Data Center and Server received patches for two vulnerabilities, including a DoS flaw in the Netty application framework (tracked asย ...
Introducing GravityZone XDR Integration for Atlassian Cloud Applications
Atlassian Cloud simplifies the way teams collaborate and manage projects throughout the entire development lifecycle. Through Jira, they can streamlineย ...
HellCat Ransomware Hits 4 Firms using Infostealer-Stolen Jira Credentials
Cybersecurity researchers at Hudson Rock have identified a new wave of cyber attacks by the HellCat ransomware group, this time targeting fourย ...
Atlassian Alerts Users to Multiple Critical Vulnerabilities Affecting Data Center Server
With a CVSS score of 7.2, this vulnerability could potentially allow attackers to gain unauthorized elevated permissions within affected systemsย ...
Keepit offers Atlassian data backup to โensureโ business continuity
SaaS data backup specialist Keepit has officially launched protection for Atlassian's suite of collaboration tools Jira and Confluence,ย ...
Dell reportedly hit by second data breach in space of a week
None
Telefonica Breach Exposes Jira Tickets, Customer Data
The Hellcat ransomware group has stolen roughly 5000 documents, potentially containing confidential information, from the telecom giant'sย ...
Atlassian Similar Companies
Broadcom Software
Broadcom Software modernizes, optimizes, and protects the worldโs most complex hybrid environments. We are a global software leader delivering a comprehensive portfolio of industry-leading business-critical software enabling scalability, agility and security for the largest global companies in the w
Amazon
Amazon is guided by four principles: customer obsession rather than competitor focus, passion for invention, commitment to operational excellence, and long-term thinking. We are driven by the excitement of building technologies, inventing products, and providing services that change lives. We embrac
JD.COM
JD.com, also known as Jingdong, is a leading e-commerce company transferring to be a technology and service enterprise with supply chain at its core. JD.comโs business has expanded across retail, technology, logistics, health, insurance, property development, industrials, private label, and internat
bigbasket
Starting our journey in 2011, today, bigbasket - a Tata Enterprise is Indiaโs largest online supermarket with over 13 million customers and a presence in 60+ cities & towns. With our presence spanning the entire spectrum of consumer needs, we operate through a range of business lines - bigbasket, bb
GlobalLogic
GlobalLogic, a Hitachi Group Company, is a full-lifecycle product development services leader that combines chip-to-cloud software engineering expertise and vertical industry experience to help our customers design, build, and deliver their next generation products and digital experiences. We expert
Infor
As a global leader in business cloud software specialized by industry. Infor develops complete solutions for its focus industries, including industrial manufacturing, distribution, healthcare, food & beverage, automotive, aerospace & defense, hospitality, and high tech. Inforโs mission-critical ente
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Atlassian CyberSecurity History Information
How many cyber incidents has Atlassian faced?
Total Incidents: According to Rankiteo, Atlassian has faced 5 incidents in the past.
What types of cybersecurity incidents have occurred at Atlassian?
Incident Types: The types of cybersecurity incidents that have occurred incidents Vulnerability and Data Leak.
How does Atlassian detect and respond to cybersecurity incidents?
Detection and Response: The company detects and responds to cybersecurity incidents through remediation measures with Patches Released and containment measures with Invalidated passwords on affected accounts and remediation measures with Issued instructions on how to reset passwords to all users and communication strategy with Notified users to reset passwords and containment measures with Prevent access to Confluence servers from the internet, Disable Confluence instances and communication strategy with Advised users to take preventive actions and remediation measures with Patching the vulnerability.
Incident Details
Can you provide details on each incident?
Incident : Cryptomining Campaign
Title: Atlassian Confluence Cryptomining Campaign
Description: Atlassian Confluence Data Center and Server versions were affected by a critical vulnerability identified as CVE-2023-22527, enabling threat actors to exploit the flaw for cryptomining campaigns. Due to the template injection vulnerability, remote attackers could execute arbitrary code, leading to unauthorized cryptocurrency mining using the organization's resources. This activity not only utilized the compromised infrastructure for mining but also had the potential to disrupt operations and financials through resource exhaustion and increase in operational costs. Atlassian released patches to address the issue, however, systems not updated remained at risk.
Type: Cryptomining Campaign
Attack Vector: Template Injection Vulnerability
Vulnerability Exploited: CVE-2023-22527
Motivation: Financial Gain
Incident : Data Breach
Title: Atlassian HipChat Data Breach
Description: Unidentified hackers gained access to a vast quantity of data from Atlassian's HipChat service by exploiting a vulnerability in a third-party software library used by the service.
Type: Data Breach
Attack Vector: Exploitation of Vulnerability
Vulnerability Exploited: Third-party software library vulnerability
Threat Actor: Unidentified hackers
Incident : Data Breach
Title: Atlassian Data Leak
Description: Atlassian reveals a data leak that was brought on by the theft of employee login information that was then utilized to obtain data from a third-party vendor.
Type: Data Breach
Attack Vector: Stolen Login Credentials
Vulnerability Exploited: Weak credential management
Motivation: Data Theft
Incident : Zero-Day Exploit
Title: Atlassian Confluence Server Zero-Day Vulnerability
Description: Atlassian warned its customers that multiple threat groups are exploiting a Confluence Server zero-day vulnerability in its servers. Any unauthenticated attackers can target its Confluence Server and Data Center by a critical vulnerability that can be exploited for remote code execution. The company advised its users to prevent access to their Confluence servers from the internet, or simply disable these instances, as all supported versions of Confluence Server and Data Center are affected. However, Atlassian expects fixes to become available soon.
Type: Zero-Day Exploit
Attack Vector: Remote Code Execution
Vulnerability Exploited: Confluence Server Zero-Day Vulnerability
Threat Actor: Multiple threat groups
Incident : Vulnerability Exploitation
Title: Confluence Server Webwork OGNL Injection Vulnerability
Description: Atlassian discovered a vulnerability in its Confluence Server which they need to patch to remedy a Critical-rated flaw. Confluence Server Webwork OGNL injection vulnerability could allow an authenticated user, or unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. However, Atlassian's own Confluence Cloud was patched but other hosted Confluence offerings might be vulnerable.
Type: Vulnerability Exploitation
Attack Vector: Webwork OGNL injection
Vulnerability Exploited: Confluence Server Webwork OGNL injection
Motivation: Arbitrary code execution
What are the most common types of attacks the company has faced?
Common Attack Types: The most common types of attacks the company has faced is Vulnerability.
How does the company identify the attack vectors used in incidents?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Vulnerability in third-party software library and Stolen Login Credentials.
Impact of the Incidents
What was the impact of each incident?
Incident : Cryptomining Campaign ATL000083124
Systems Affected: Atlassian Confluence Data Center, Atlassian Confluence Server
Operational Impact: Resource Exhaustion
Incident : Data Breach ATL116201123
Data Compromised: Hashed passwords, Email addresses, Names
Systems Affected: HipChat.com service
Incident : Data Breach ATL195481023
Data Compromised: names, email addresses, work departments, other details
Incident : Zero-Day Exploit ATL23554622
Systems Affected: Confluence Server, Data Center
Incident : Vulnerability Exploitation ATL0214622
Systems Affected: Confluence Server, Data Center instance
What types of data are most commonly compromised in incidents?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Hashed passwords, Email addresses, Names and employee data.
Which entities were affected by each incident?
Response to the Incidents
What measures were taken in response to each incident?
Incident : Cryptomining Campaign ATL000083124
Remediation Measures: Patches Released
Incident : Data Breach ATL116201123
Containment Measures: Invalidated passwords on affected accounts
Remediation Measures: Issued instructions on how to reset passwords to all users
Communication Strategy: Notified users to reset passwords
Incident : Zero-Day Exploit ATL23554622
Containment Measures: Prevent access to Confluence servers from the internet, Disable Confluence instances
Communication Strategy: Advised users to take preventive actions
Incident : Vulnerability Exploitation ATL0214622
Remediation Measures: Patching the vulnerability
Data Breach Information
What type of data was compromised in each breach?
Incident : Data Breach ATL116201123
Type of Data Compromised: Hashed passwords, Email addresses, Names
Incident : Data Breach ATL195481023
Type of Data Compromised: employee data
Number of Records Exposed: 13200
Sensitivity of Data: Medium
Data Exfiltration: True
Personally Identifiable Information: names, email addresses, work departments, other details
What measures does the company take to prevent data exfiltration?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Patches Released, Issued instructions on how to reset passwords to all users, Patching the vulnerability.
How does the company handle incidents involving personally identifiable information (PII)?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through were Invalidated passwords on affected accounts, Prevent access to Confluence servers from the internet and Disable Confluence instances.
Lessons Learned and Recommendations
What recommendations were made to prevent future incidents?
Incident : Zero-Day Exploit ATL23554622
Recommendations: Prevent access to Confluence servers from the internet, Disable Confluence instances
What recommendations has the company implemented to improve cybersecurity?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Prevent access to Confluence servers from the internet, Disable Confluence instances.
References
Where can I find more information about each incident?
Incident : Data Breach ATL195481023
Source: Atlassian Data Breach Report
Where can stakeholders find additional resources on cybersecurity best practices?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Atlassian Data Breach Report.
Investigation Status
How does the company communicate the status of incident investigations to stakeholders?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through were Notified users to reset passwords and Advised users to take preventive actions.
Initial Access Broker
How did the initial access broker gain entry for each incident?
Incident : Data Breach ATL116201123
Entry Point: Vulnerability in third-party software library
Incident : Data Breach ATL195481023
Entry Point: Stolen Login Credentials
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident?
Incident : Data Breach ATL195481023
Root Causes: Weak credential management
Additional Questions
General Information
Who was the attacking group in the last incident?
Last Attacking Group: The attacking group in the last incident were an Unidentified hackers and Multiple threat groups.
Impact of the Incidents
What was the most significant data compromised in an incident?
Most Significant Data Compromised: The most significant data compromised in an incident were Hashed passwords, Email addresses, Names, names, email addresses, work departments and other details.
What was the most significant system affected in an incident?
Most Significant System Affected: The most significant system affected in an incident were Atlassian Confluence Data Center, Atlassian Confluence Server and HipChat.com service and Confluence Server, Data Center and Confluence Server, Data Center instance.
Response to the Incidents
What containment measures were taken in the most recent incident?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Invalidated passwords on affected accounts, Prevent access to Confluence servers from the internet and Disable Confluence instances.
Data Breach Information
What was the most sensitive data compromised in a breach?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Hashed passwords, Email addresses, Names, names, email addresses, work departments and other details.
What was the number of records exposed in the most significant breach?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 132.0.
Lessons Learned and Recommendations
What was the most significant recommendation implemented to improve cybersecurity?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Prevent access to Confluence servers from the internet, Disable Confluence instances.
References
What is the most recent source of information about an incident?
Most Recent Source: The most recent source of information about an incident is Atlassian Data Breach Report.
Initial Access Broker
What was the most recent entry point used by an initial access broker?
Most Recent Entry Point: The most recent entry point used by an initial access broker were an Stolen Login Credentials and Vulnerability in third-party software library.
What Do We Measure?
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
