Slack confirmed that it had recently suffered a data breach, but reassured customers that their data was not affected by the incident.
In a notice posted on December 31, 2022, the online collaboration giant explained how an unknown threat actor obtained Slack employee tokens and used them to access private GitHub repositories.
It said these repositories do not hold Slack's raw codebase or customer data.
Rotating secrets and invalidating tokens
“On December 29, 2022, we were notified of suspicious activity on our GitHub account,” the Slack notice read. “Upon investigation, we discovered that a limited number of Slack employee tokens were stolen and misused to access an externally hosted GitHub repository. Our investigation also revealed that the threat actor downloaded private code repositories on December 27. No downloaded repositories contained customer data, means to access customer data, or the underlying code source for Slack.”
To combat the threat, Slack has revoked the stolen tokens and said it is looking further into the “potential impact” of the data breach.
Although there is no evidence that the attackers made off with sensitive information, Slack still decided to rotate its secrets.
Slack is one of the most popular communication and collaboration platforms in the world, reportedly serving more than 20 million users worldwide, including countless business users. As such, it is not surprising that cybercriminals target it. By targeting communication platforms, hackers can obtain valuable information, such as passwords, or gain access to cloud servers and shared files.
In mid-2020, the company suffered a data breach that forced it to reset the passwords of thousands of users. Approximately 1% of all Slack users (which equated to more than 65,000 people at the time) were believed to have been affected by the incident.
Slack also suffered a cyberattack in 2015, when hackers breached its user profile database and accessed hashed user passwords.
Via: BleepingComputer