Enterprise Chat Client HipChat Hacked

“Team chat that’s actually built for business” has its servers broken into.

HipChat is a team chat app. Claiming to be “built for business,” it promises some very nice features, including group chat, video chat, and screen sharing. Earlier today, all HipChat users were forced to reset their passwords because the HipChat servers had been broken into.

The hack was due to a vulnerability in a third-party library. The attackers may have gained access to users’ names, emails, and hashed passwords. At this time, there is no indication that users’ messages or content were compromised, although .05 percent of this information was fully available to the attackers.

“Security is #1. HipChat’s secure conversations are transferred in 256-bit SSL encryption – the same security protocol as online banks,” states HipChat on its homepage. This hack proves once again that encryption does not equal security or privacy. This is a common misconception, or marketing ploy, utilized by numerous chat apps such as WhatsApp, Telegram, etc. Encryption can be a component of security, but it is quite obviously not the entirety.

“We recognize that security is a cat and mouse game, requiring constant investment and innovation and that is what we do, day in, day out.” – John Chen

True cybersecurity depends on more than one component, no matter how strong that component might be. Modern-day hackers will not stop at the brick wall of encryption. They will simply tunnel underneath that wall. And once that tunnel is filled in, they will just build a ladder. In other words, encrypted messages will not stop modern cyber attackers. They’ll simply find a way to get those messages through weaknesses in the devices that hold them. HipChat being compromised is just one more case that proves this is true.

Far too many chat clients claim users are secure simply because of “end to end encryption”. Personally, I know there is more to it than that. Instead of falling for the talking point of encryption, I choose to look at the security history of the product, and the maker’s commitment to security. UTB Blogs was created on BBM, that is where we are staying, and that is where we are staying secure.



Founder & Owner of UTB Blogs. Former BlackBerry Elite. When I'm not talking or writing about BlackBerry, you'll find me using my BlackBerry.