Atlassian announced a security incident on January 31, 2015, which resulted in unauthorized access to names, usernames, email addresses, and encrypted passwords for the HipChat service. As a result, Atlassian forced a password reset for the impacted subset of their users (<2%).
OneLogin strongly recommends to accounts that received this Atlassian notification and are using the OneLogin HipChat provisioning feature, to consider forcing a password reset to their users. Since HipChat provisioning leverages the user's OneLogin password for a single sign on experience, the potential breach of the HipChat password, even though it is salted and hashed, potentially impacts the password these users’ are also using to log into OneLogin.
To force a user password reset, account admins can use the Bulk Operations feature.
For any questions on the HipChat provisioning or Bulk Operations features, please contact firstname.lastname@example.org. For any security concerns related to this security advisory, please contact email@example.com.