Atlassian Developer Incident - Unauthorized users were being given access to Marketplace Partner accounts - 17 March 2021
Incident Report for Meltwater IT
Investigating
Click on [Body.html] attachment for HTML version

Unauthorized users were being given access to Marketplace Partner accounts

New incident: Identified
On March 14th 2021, the Atlassian team discovered unauthorized users were being given access to Marketplace Partner accounts for marketplace.atlassian.com.

At that time, we froze access to all users of partner accounts and halted payment processing in order to properly investigate the scope of the incident. We have since confirmed this activity was happening because of a bug, and not because of malicious activity.

We have also confirmed:
No billing details were accessed or changed by unauthorized users in any impacted vendor account
No reports and transaction details were accessed or changed by unauthorized users in any impacted vendor account
No new app versions were created by unauthorized users in any vendor partner account

Our team is continuing to investigate potential unauthorized access to your vendor account’s contact information and app details.

We will reach out directly to each impacted partner when our investigation is complete. We will also provide further technical details on this incident in a public PIR.

Follow the Atlassian Developer Statuspage for further updates.

Time posted
Mar 17, 00:59 UTC

Components Affected
Marketplace - Vendor management

View full incident details https://stspg.io/20slrvttvg68

You received this email because you are subscribed to Atlassian Developer's service status notifications.
Manage your subscription: https://developer.status.atlassian.com/subscriptions/ck2ybnl95jjl/edit
Posted Mar 17, 2021 - 01:03 UTC
Current Status Powered by Atlassian Statuspage