Craig Davies posted this on HipChat‘s blog two days ago:
Atlassian’s security team has discovered and blocked suspicious activity on the HipChat service that resulted in unauthorized access to names, usernames, email addresses, and encrypted passwords for a very small percentage (<2%) of our users. We have no evidence that any payment information was accessed.
While HipChat passwords are one-way encrypted (hashed and salted), as an added precaution we have triggered a password reset for all affected HipChat user accounts and all Atlassian services that share the same email address. If you have not received communication from us, we do not believe you were affected. However, you can easily change your password here. As a reminder, always avoid using simple passwords based on dictionary words and never use the same password on multiple sites or services.
We take our responsibility to protect you and your data very seriously, and we’re constantly enhancing the security of our service infrastructure to keep you and your data safe. While recent events with other large services have demonstrated this type of activity is increasing, so too is our vigilance in blocking and addressing it.
If you have any questions or concerns, please contact us at [email protected].
h/t, TNW