On April 8, 2026, a new ransomware-as-a-service crew calling itself TheGentlemen posted Adaptavist Group to its data-leak site. The claimed haul reads like a worst-case slide from a vendor risk deck: source code for ScriptRunner and the Salable licensing platform, 484,220 HubSpot CRM records, 3+ TB of Nexus repository contents including production secrets and Helm charts, Kubernetes configuration, OAuth credentials, a Snowflake warehouse, and ~100 GB of Confluence documentation across 24,547 pages. The licensing system itself, the attackers claim, was compromised in a way that enables product cloning. DeXpose published the leak post on April 10, and ransomware.live mirrored the entry that week.
On April 21, Adaptavist CEO Simon Haighton-Williams sent a customer letter acknowledging an “IT security incident” in late March, attributing initial access to stolen credentials, and stating that systems known to be touched contained only “typical business data.” The Register reported the discrepancy between that framing and the leak post’s claim of complete infrastructure compromise. Impostor emails purporting to be from Adaptavist were already circulating by then.
Most coverage so far has focused on Adaptavist’s Fortune 500 client list — NASA, Visa, Deutsche Bank. That’s the wrong framing for our audience. The real exposure surface is the long tail of small and mid-sized companies running ScriptRunner or any other Adaptavist add-on through the Atlassian Marketplace — and the much bigger long tail of SMBs running any third-party Jira or Confluence app. If you have ever clicked “Install” in the Marketplace, this is your warning shot.
Why this one matters to SMBs
Atlassian’s ecosystem is a central platform holding your project, ticket, code, and documentation data, surrounded by hundreds of third-party apps connecting over OAuth 2.0, 3LO grants, or Connect/Forge. Each installed app holds scopes against your tenant. Atlassian’s Marketplace Security Enforcement Policy requires partners to apply least-privilege scopes and notify Atlassian via ECOHELP within 24 hours of a sharedSecret leak. What customers rarely see is what each app could read or write right now if its publisher were compromised.
Adaptavist is the test case for what happens when a Marketplace partner has a bad week. The mechanical risks:
- OAuth tokens stored at the partner. If a Marketplace app holds active access or refresh tokens against your tenant and the partner is breached, those tokens can be used to read or write your Jira and Confluence data. Atlassian can rotate sharedSecrets for Connect apps; rotating 3LO grants and self-hosted scripts takes longer.
- Source code disclosure of admin-grade tools. ScriptRunner runs Groovy scripts with system permissions inside Jira and Confluence — the most powerful admin automation in the ecosystem. Public source code does not automatically yield public exploits, but it lowers the cost of finding bugs that work against older deployments.
- Customer-context documents. 20,000+ legal tickets, 33,000 documents, 2,000 NDAs, and roughly 484,000 HubSpot CRM records means a credible attacker now has named contacts, scope of work, and pricing context for a large portion of Adaptavist’s book. Expect highly targeted vishing and phishing, the same pattern that played out after Canvas/Instructure.
- Licensing system compromise. If the Salable platform was genuinely owned, the attacker has the keys to validate, generate, or impersonate license records. Counterfeit support and renewal scams are the realistic near-term scenario; trojanized binaries through a parallel-looking channel are the worst-case one.
TheGentlemen’s tradecraft shapes what comes next. Check Point tracked them from a mid-2025 debut to more than 320 victims by April 2026 — the #2 most active group by victim count this year. Tradecraft is opportunistic: stolen credentials into internet-facing VPNs and firewalls, fast lateral movement with stolen domain creds, Group Policy deployment, EDR kills, SystemBC for C2, exfiltration before encryption. High-volume affiliate work, not tailored APT — which means many other Marketplace partners share Adaptavist’s exposure pattern.
The four-step SMB playbook
Run this against your Atlassian Cloud tenant or Data Center deployment this week. Treat Adaptavist as the representative case for any Marketplace partner.
Step 1: Inventory every connected app and the scopes it holds
You cannot decide what to rotate or remove until you can see what is installed. In Atlassian Cloud:
- Go to admin.atlassian.com → your organization → Products → Connected apps. Export the list. Note app name, vendor, install date, and scopes for each entry.
- Within Jira and Confluence sites, open Apps → Manage apps for the per-site view. Cross-reference against the org-level Connected apps list — they do not always match.
- Pull the OAuth and 3LO grants list under Security → Authentication policies and API tokens. Each grant should map to a known business owner.
For Data Center, the equivalent is the Manage apps screen plus a query against the user-installed apps table and any custom OAuth 2.0 clients defined in Application links.
For each Adaptavist-published add-on (most commonly ScriptRunner for Jira, Confluence, or Bitbucket, ScriptRunner Connect, and any Salable-licensed product), flag the entry and proceed to Step 2 immediately. For every other Marketplace app, evaluate whether the business actually still uses it. Anything not opened in 90 days is dead weight holding live scopes — uninstall it.
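The triage described in Step 1 is easy to do by hand for five apps and error-prone for fifty. The script below is an added example (not Atlassian’s, Adaptavist’s, or this post’s own tooling) that takes a simplified Connected-apps export and sorts it into the three buckets above: affected-vendor apps to rotate or reinstall, dormant apps to uninstall, and the rest to review. The column names, the 90-day idle threshold, the vendor match list and the scope prefixes treated as high impact are all assumptions; the sample export is constructed and the real export’s columns will need mapping.

```python
"""Triage a Connected-apps export for Step 1 (added example; not Atlassian's or Adaptavist's code).

The CSV layout below is a constructed, simplified stand-in for the export from
admin.atlassian.com -> Products -> Connected apps. Real exports use different
column names, so map them before running this against your tenant.
"""
import csv
import io
from datetime import date

# Assumption: publishers named in the incident, matched case-insensitively on vendor or app name.
AFFECTED_VENDORS = {"adaptavist", "scriptrunner", "salable"}
DORMANT_AFTER_DAYS = 90                      # the post's "not opened in 90 days" rule
# Assumption: scope prefixes that let an app change data or administer the site.
HIGH_IMPACT_SCOPE_PREFIXES = ("write:", "delete:", "manage:", "admin:")

# Constructed sample export (not real tenant data).
SAMPLE_EXPORT = """\
app,vendor,installed,last_used,scopes
ScriptRunner for Jira Cloud,Adaptavist,2023-05-02,2026-04-20,read:jira-work write:jira-work manage:jira-configuration
Salable Connector,Salable,2025-11-14,2026-01-03,read:jira-user
Team Calendar Sync,ExampleVendor,2024-02-09,2025-12-01,read:confluence-content.all
Release Notes Bot,ExampleVendor,2025-09-30,2026-04-22,read:jira-work write:jira-work
"""


def triage_connected_apps(export_text, today="2026-04-22"):
    """Return one triage record per app, most urgent first."""
    today = date.fromisoformat(today)
    results = []
    for row in csv.DictReader(io.StringIO(export_text)):
        vendor_l, app_l = row["vendor"].lower(), row["app"].lower()
        last_used = date.fromisoformat(row["last_used"])
        days_idle = (today - last_used).days
        scopes = row["scopes"].split()
        affected = any(v in vendor_l or v in app_l for v in AFFECTED_VENDORS)
        high_impact = [s for s in scopes if s.startswith(HIGH_IMPACT_SCOPE_PREFIXES)]
        if affected:
            action = "rotate-or-reinstall"   # Step 2 applies immediately
        elif days_idle > DORMANT_AFTER_DAYS:
            action = "uninstall"             # dead weight holding live scopes
        else:
            action = "keep-review"
        results.append({
            "app": row["app"], "vendor": row["vendor"], "days_idle": days_idle,
            "affected_vendor": affected, "high_impact_scopes": high_impact, "action": action,
        })
    # Affected vendors first, then the most privileged, then the longest idle.
    results.sort(key=lambda r: (not r["affected_vendor"],
                                -len(r["high_impact_scopes"]), -r["days_idle"]))
    return results


if __name__ == "__main__":
    for r in triage_connected_apps(SAMPLE_EXPORT):
        print(f"{r['action']:<20} {r['app']:<30} idle={r['days_idle']:>4}d "
              f"high-impact={r['high_impact_scopes']}")
```

The sort order is deliberate: an affected vendor with write or manage scopes is the first line of the report, and a dormant read-only app from an unaffected vendor is the last, so the output doubles as the order of work for Step 2.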
Step 2: Rotate secrets and revoke sessions for affected apps
The right rotation sequence depends on how the app authenticates. Atlassian classifies Marketplace apps into Connect, Forge, 3LO, and Personal Access Token (PAT) categories, and Adaptavist’s portfolio spans all of them.
For Connect apps, Atlassian holds the sharedSecret on the partner side. Atlassian’s security requirements oblige partners to request rotation via ECOHELP within 24 hours of a leak. As a customer you do not have a self-serve rotate button, but you can uninstall and reinstall, which forces a new sharedSecret. For any Adaptavist Connect app you cannot live without, do that cycle today.
For 3LO apps and self-hosted scripts (ScriptRunner Connect is the obvious one), rotate every PAT, OAuth client secret, and webhook. Revoke OAuth grants under Security → OAuth credentials; regenerate PATs at the user level. Check your secrets manager for any entries named SCRIPTRUNNER_, ADAPTAVIST_, SALABLE_, or product-specific webhook URLs.
Use a quick local sweep to catch references hiding in your own repos:
```bash
# grep your repos for credentials or config referencing affected vendors
cd /path/to/repos
grep -RInE 'scriptrunner|adaptavist|salable\.io' \
  --include='*.env*' --include='*.yml' --include='*.yaml' \
  --include='*.json' --include='*.tf' --include='*.ts' \
  --include='*.js' --include='*.py' --include='*.ps1' .

# enumerate Jira and Confluence webhooks via REST (Cloud)
# JIRA_USER is the account email, JIRA_TOKEN an Atlassian API token for that account
curl -s -u "$JIRA_USER:$JIRA_TOKEN" \
  "https://your-tenant.atlassian.net/rest/api/3/webhook" \
  | jq '.values[] | {id, name, url, events}'
curl -s -u "$JIRA_USER:$JIRA_TOKEN" \
  "https://your-tenant.atlassian.net/wiki/rest/api/webhooks" \
  | jq '.results[] | {id, name, url, events}'
```
Anything pointing to an Adaptavist-controlled hostname (most commonly *.scriptrunnerhq.com, *.adaptavist.com, or *.salable.io) gets disabled until the vendor publishes a confirmed-clean integration story. Apply the same playbook to any Marketplace vendor that posts an incident notice in the coming weeks — the data set TheGentlemen are sitting on is large enough to power follow-on extortion of other partners.
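Deciding which of those webhooks "point to an Adaptavist-controlled hostname" should be done on the parsed hostname, not on a substring of the URL: a plain `grep adaptavist` both misses nothing and matches lookalike hosts that merely contain the vendor name. The script below is an added example (not the post’s own tooling, nor Atlassian’s or Adaptavist’s) that reads the `values[]` output shape from the curl/jq sweep above, disables hooks whose host is one of the vendor domains or a subdomain of one, and sets aside for manual review any hook whose URL mentions a vendor domain but resolves to a different host. The domain list comes from the paragraph above; the webhook records are constructed samples.

```python
"""Flag webhooks that call back to vendor-controlled hosts (added example, not Adaptavist's or Atlassian's code).

Input is JSON in the shape the post's curl/jq sweep yields (`values[]` with id,
name, url, events). The records below are constructed samples.
"""
import json
from urllib.parse import urlsplit

# Domains named in the post; assumption that this list is complete, extend as notices land.
VENDOR_DOMAINS = ("scriptrunnerhq.com", "adaptavist.com", "salable.io")

SAMPLE_WEBHOOKS = json.dumps({"values": [
    {"id": 101, "name": "SR Connect sync", "url": "https://hooks.scriptrunnerhq.com/abc",
     "events": ["jira:issue_updated"]},
    {"id": 102, "name": "Ops pager", "url": "https://alerts.example.internal/jira",
     "events": ["jira:issue_created"]},
    {"id": 103, "name": "Legacy licence ping", "url": "https://api.salable.io/v1/ping",
     "events": ["jira:issue_created"]},
    {"id": 104, "name": "Lookalike host", "url": "https://adaptavist.com.attacker.example/x",
     "events": ["jira:issue_updated"]},
    {"id": 105, "name": "Userinfo in URL", "url": "https://adaptavist.com@attacker.example/y",
     "events": ["jira:issue_updated"]},
]})


def host_matches(hostname, domains):
    """True if hostname equals one of `domains` or is a subdomain of one (never a bare substring)."""
    if not hostname:
        return False
    hostname = hostname.lower().rstrip(".")
    return any(hostname == d or hostname.endswith("." + d) for d in domains)


def flag_vendor_webhooks(webhook_json, domains=VENDOR_DOMAINS):
    """Return (to_disable, to_review): ids on vendor hosts, and ids that only look like them."""
    to_disable, to_review = [], []
    for hook in json.loads(webhook_json)["values"]:
        host = urlsplit(hook["url"]).hostname      # drops scheme, userinfo, port and path
        if host_matches(host, domains):
            to_disable.append(hook["id"])
        elif any(d in hook["url"] for d in domains):
            # Vendor name present but the real host is something else: hand-check it.
            to_review.append(hook["id"])
    return to_disable, to_review


if __name__ == "__main__":
    disable, review = flag_vendor_webhooks(SAMPLE_WEBHOOKS)
    print("disable:", disable)
    print("review: ", review)
```

Records 104 and 105 are why `urlsplit(...).hostname` rather than a regex on the whole URL: the first is a different registrable domain, the second puts the vendor name in the userinfo part, and both would be wrongly treated as the vendor’s own endpoint by a substring check.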
Step 3: Look back through the last 60 days of admin and app activity
Initial access was “late March,” the public claim landed April 8, the CEO letter April 21. Your window of concern is roughly March 1 to today — 70-plus days, across three audit sources:
Atlassian audit logs. Org admin → Audit log in admin.atlassian.com. Cloud retains 180 days of org-level events on most paid plans; export them. Filter on App installed, App settings modified, OAuth credential created, OAuth credential modified, API token created, and any admin role change. Anomalies worth a ticket: installs by non-admin accounts, installs from unfamiliar networks, OAuth grants approved off-hours, bulk API token regeneration.
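The four anomalies listed for the org audit log are simple enough to encode once and run over the whole 70-day export instead of eyeballing it. The script below is an added example (not Atlassian’s tooling or the post’s own) that implements them over a constructed, simplified event list: installs by non-admin accounts, installs from outside your known networks, OAuth credential events outside business hours or on weekends, and three or more API tokens created by one actor inside ten minutes. The event field names, the known-network ranges (RFC 5737 documentation addresses), the working-hours window and the bulk threshold are all assumptions to adjust for your tenant; real audit-log exports use their own column names.

```python
"""Sweep an org audit-log export for the Step 3 anomalies (added example, not Atlassian's code).

Event shape is a constructed simplification of the admin.atlassian.com audit-log
export; map real column names onto it before use. Timestamps are UTC.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumptions, not Atlassian settings: your office/VPN egress ranges, working hours, bulk threshold.
KNOWN_NETWORKS = [ip_network("203.0.113.0/24"), ip_network("198.51.100.0/24")]
WORK_HOURS = range(7, 19)            # 07:00-18:59 UTC counts as business hours
BULK_TOKENS = 3                      # this many "API token created" per actor within BULK_WINDOW
BULK_WINDOW = timedelta(minutes=10)

# Event names from the post's filter list (simplified spellings).
WATCHED_ACTIONS = {
    "App installed", "App settings modified", "OAuth credential created",
    "OAuth credential modified", "API token created", "Admin role changed",
}

# Constructed sample events (not a real tenant's log).
SAMPLE_EVENTS = [
    {"time": "2026-03-12T10:05:00Z", "actor": "ops.lead", "actor_is_admin": True,  "action": "App installed",            "ip": "203.0.113.17"},
    {"time": "2026-03-19T02:40:00Z", "actor": "j.doe",    "actor_is_admin": False, "action": "App installed",            "ip": "192.0.2.55"},
    {"time": "2026-03-21T23:15:00Z", "actor": "ops.lead", "actor_is_admin": True,  "action": "OAuth credential created", "ip": "203.0.113.17"},
    {"time": "2026-04-02T09:00:00Z", "actor": "svc.ci",   "actor_is_admin": False, "action": "API token created",        "ip": "198.51.100.9"},
    {"time": "2026-04-02T09:03:00Z", "actor": "svc.ci",   "actor_is_admin": False, "action": "API token created",        "ip": "198.51.100.9"},
    {"time": "2026-04-02T09:06:00Z", "actor": "svc.ci",   "actor_is_admin": False, "action": "API token created",        "ip": "198.51.100.9"},
    {"time": "2026-04-10T14:20:00Z", "actor": "ops.lead", "actor_is_admin": True,  "action": "Page viewed",              "ip": "203.0.113.17"},
]


def _parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def sweep_audit_log(events):
    """Return (rule, actor, time) alerts in chronological order."""
    alerts = []
    token_times = defaultdict(list)          # actor -> recent "API token created" timestamps
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["action"] not in WATCHED_ACTIONS:
            continue                          # everything else is noise for this sweep
        when = _parse(ev["time"])
        familiar = any(ip_address(ev["ip"]) in net for net in KNOWN_NETWORKS)
        if ev["action"] == "App installed":
            if not ev["actor_is_admin"]:
                alerts.append(("install-by-non-admin", ev["actor"], ev["time"]))
            if not familiar:
                alerts.append(("install-from-unfamiliar-network", ev["actor"], ev["time"]))
        if ev["action"].startswith("OAuth credential") and (
                when.hour not in WORK_HOURS or when.weekday() >= 5):
            alerts.append(("oauth-grant-off-hours", ev["actor"], ev["time"]))
        if ev["action"] == "API token created":
            recent = [t for t in token_times[ev["actor"]] if when - t <= BULK_WINDOW]
            recent.append(when)
            token_times[ev["actor"]] = recent
            if len(recent) == BULK_TOKENS:    # fire once, when the threshold is crossed
                alerts.append(("bulk-api-token-regeneration", ev["actor"], ev["time"]))
    return alerts


if __name__ == "__main__":
    for rule, actor, when in sweep_audit_log(SAMPLE_EVENTS):
        print(f"{when}  {rule:<34} {actor}")
```

Each alert is one ticket, which matches the "anomalies worth a ticket" framing above; the sliding window for token creation is what keeps a CI account that legitimately mints one token a week from tripping the bulk rule.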
ScriptRunner activity. Both the Jira and Confluence variants store script execution history. In Jira: Apps → ScriptRunner → Built-in Scripts → Run audit log. Watch for built-in scripts run as administrator — Switch user, Add or remove user from group, broad Bulk fix resolutions, or any console script with outbound HTTP. In Confluence the equivalent path is General Configuration → ScriptRunner → Built-in Scripts.
Downstream SaaS audit logs. If your tenant integrates with Slack, GitHub, Bitbucket Cloud, AWS, Snowflake, or HubSpot (the latter is in scope because Adaptavist’s own HubSpot was reportedly stolen), pull the OAuth grant history and look for unfamiliar client IDs or vendor names in the same 70-day window. The Vercel/Context.ai incident we covered yesterday showed how OAuth grants from a compromised vendor can sit dormant for two months before being used.
Step 4: Set the durable Marketplace posture
The reactive sweep takes a few days. The durable changes take a quarter, but they pay off across every Marketplace partner you will ever integrate. Three to push through now:
- Admin-only app installation. Under Security and access policies → Connected apps, enable Block user apps. End users should not be able to install OAuth-scoped Marketplace apps against the tenant on their own. Atlassian documents this control in the org admin guide. The friction is real and it’s the right friction.
- Quarterly app review. Once a quarter, walk the Connected apps list with the SaaS or IT owner. For each app, confirm business owner, scopes, last usage, and whether the vendor is still actively maintaining the integration. Anything dormant comes off. New apps require an OAuth scope review before approval. Document each decision so the next quarter starts from a known baseline.
- Vendor security expectations in the contract. Any Marketplace partner you depend on for admin-level functionality (ScriptRunner-class apps, automation platforms, identity bridges) should be on a contract that requires breach notification within 72 hours and access to their SOC 2 Type II or equivalent. The Adaptavist incident demonstrates the gap between when a partner is compromised and when customers find out. Closing that gap is a paragraph in a master services agreement, not a tooling problem.
For Data Center customers, add one more item: pin Marketplace app versions in change management. Older ScriptRunner releases have had documented vulnerabilities; auto-update is the right default unless you have a reason to break glass, in which case track planned downgrades the same way you track unpatched CVEs.
The vendor concentration lens, again
The Canvas/Instructure breach this month was about SaaS vendor concentration on the primary platform. The Vercel/Context.ai story yesterday was about OAuth grants from AI vendors becoming the supply chain. Adaptavist is the same pattern in a third place: the Marketplace add-on you barely think about is a path into the platform running your engineering, product, support, and HR operations.
The technical playbook above gets a small team through the next two weeks. The durable posture — least-privileged Marketplace approvals, contractual breach notification, quarterly review, downstream SaaS audit-log centralization — is what turns the next vendor breach into a routine ticket instead of a fire drill.
Footnote: TheGentlemen are also a standing edge-device risk in their own right. Check Point’s telemetry shows them entering through internet-facing VPNs, firewalls, and remote-access gateways with stolen credentials, then pivoting to domain controllers and deploying via Group Policy within hours. If your edge inventory is not patched, MFA-enforced, and monitored for new admin sessions, the Marketplace cleanup above will not save you from a parallel intrusion landing on the perimeter while you are looking the other way.
Audit your Marketplace surface, fast.
If your Atlassian tenant has more than ten Marketplace apps and you are not sure which scopes each one holds, that is the assessment we run first. Book a 30-minute call and we will walk you through a one-week SaaS posture sprint focused on Atlassian, OAuth grant inventory, and durable vendor review.