Atlassian Developer Incident - Unauthorized Users Added to Marketplace Vendor Accounts from Bug caused by Database Failover - 15 M

Incident Report for Meltwater IT

Investigating

Click on [Body.html] attachment for HTML version

Unauthorized Users Added to Marketplace Vendor Accounts from Bug caused by Database Failover

An update has been posted
As communicated in the previous update:

- No billing details were accessed or changed by unauthorized users in any impacted vendor partner account
- No reports and transaction details were accessed or changed by unauthorized users in any impacted vendor partner account
- No new app versions were created by unauthorized users in any vendor partner account

However, we are continuing to investigate and enumerate all unauthorized access to any Marketplace Partner account’s contact information and app details. In the process, we have already reached out directly to a subset of impacted Marketplace partners to communicate the impact to them and will be reaching out to others as we progress.

As no billing details were accessed or changed by unauthorized users in any impacted Partner partner account, our finance teams have started to process the payments for the month of February (due in March).

Up to now we have prioritized understanding the full scope of potential unauthorised access to partner data and communicating this to partners above restoring access to Marketplace Partner admin functionality.

We are now evaluating options to safely restore access to Marketplace Partner functionality, and hope to be able to do this tomorrow ( 18 Mar 2021 ) for the majority of functionality.

We will keep you informed as we progress.

Thank you for your patience and continued support as we work through this sensitive matter.

Time posted
Mar 17, 14:20 UTC

Components Affected
Marketplace - Reporting APIs and dashboards, Marketplace - Vendor management

View 7 previous incident updates https://stspg.io/7h978z5p3l0c

You received this email because you are subscribed to Atlassian Developer's service status notifications.
Manage your subscription: https://developer.status.atlassian.com/subscriptions/ck2ybnl95jjl/edit
Posted Mar 17, 2021 - 14:21 UTC