On Monday April 24, 2017 the HipChat Security team has advised their users that there was a security incident detected which affected a server in the HipChat Cloud. The incident lead to a leak of some account information such as names, email addresses and hashed passwords. For a small number of instances (less than 0.05% according to HipChat), messages and content in rooms may have been accessed too.
HipChat automatically reset user passwords for those accouts that they believe were affected and some users were asked to update their passwords manually.
In their statement the HipChat team assured that no other of Atlassian services were affected:
We have found no evidence of other Atlassian systems or products being affected.
HipChat team did not specify how exactly the attacker accessed protected data. They only mentioned that the vulnerable was in a popular third-party library used by HipChat.com.
More details here: https://blog.hipchat.com/2017/04/24/hipchat-security-notice/