Atlassian has revealed that the company suffered a data breach over the weekend, with less than 2 percent of its users having their names, email addresses, and encrypted passwords accessed.
The company has said that no payment information for its customers was accessed.
Head of Atlassian security Craig Davies said in a blog post that the company had decided to reset all impacted users' passwords for HipChat, and any other Atlassian services used.
"While HipChat passwords are one-way encrypted (hashed and salted), as an added precaution we have triggered a password reset for all ... services that share the same email address," Davies said.
"If you have not received communication from us, we do not believe you were affected."
The breach has called into question Atlassian's lack of two-factor authentication for its services. In November, the company said it was implementing an Atlassian-wide identity service, rather than adding two-factor authentication individually to its products.
"At our scale, this is not a trivial problem to solve across the number of products and services we have," said Atlassian group product manager Jens Schumacher. "A year ago, we truly believed that the identity service was only three to six months out, and we've made the decision to wait instead of duplicating the effort.
"Unfortunately, things changed and if we would have known at the time how much longer it would take us to deliver the service, we probably would have gone ahead and implemented it in Bitbucket first."
Last week, the HipChat messaging service went offline during an attack that also took down Facebook, Instagram, and Tinder.
Atlassian announced last year that it intends to launch HipChat on the Apple Watch when Cupertino's smartwatch becomes available for purchase.
HipChat was purchased by Atlassian in March 2012.