Indian cybersecurity firm CloudSEK says a threat actor gained access to its Confluence server using stolen credentials for one of its employees’ Jira accounts.
While some internal information, including screenshots of product dashboards and three customers’ names and purchase orders, was exfiltrated from its Confluence wiki, CloudSEK says the attackers didn’t compromise its databases.
“We are investigating a targeted cyber attack on CloudSEK. An employee’s Jira password was compromised to get access to our confluence pages,” the company’s CEO and founder, Rahul Sasi, said on Tuesday.
Rather than reaching the databases, the threat actor could use the stolen Jira credentials to access training and internal documents, Confluence pages, and open-source automation scripts attached to Jira.
A threat actor named ‘sedut’ is now trying to sell what they claim is access to CloudSEK’s “networks, Xvigil, codebase, email, JIRA and social media accounts” on multiple hacking forums.