Some of Slack’s private GitHub code was stolen following a data breach

By Scott Marlette Last updated Jan 5, 2023

Slack has confirmed that it recently suffered a data breach, but reassured customers that their data was not affected by the incident.

In an announcement (opens in new tab) published by the online collaboration giant on December 31, 2022, Slack explained how an unknown threat actors obtained Slack employee tokens and used them to access private GitHub repositories.

These repositories did not hold Slack’s primary codebase, or customer data, it said.

Rotating secrets and invalidating tokens

“On December 29, 2022, we were notified of suspicious activity on our GitHub account,” Slack’s notice read. “Upon investigation, we discovered that a limited number of Slack employee tokens were stolen and misused to gain access to our externally hosted GitHub repository. Our investigation also revealed that the threat actor downloaded private code repositories on December 27. No downloaded repositories contained customer data, means to access customer data, or Slack’s primary codebase.”

To combat the threat, Slack invalidated the stolen tokens and said to be looking further into the “potential impact” of the data breach.

Even though there’s no evidence the attackers made away with sensitive information, Slack still decided to rotate its secrets.

Slack is one of the world’s most popular communication and collaboration platforms, allegedly serving more than 20 million users worldwide, including countless business users. As such, being targeted by cybercriminals is no surprise. By targeting communications platforms, hackers can obtain valuable information, such as passwords (opens in new tab), or access to cloud servers and files being shared.

In mid-2020, the company suffered a data breach forcing it to reset the passwords for thousands of users. At the time, it was believed that roughly 1% of all Slack users (which was equivalent to more than 65,000 people then) were affected by the incident.

Slack was also hit by a cyberattack back in 2015 when hackers broke into its user profile database and accessed scrambled user passwords.

Via: BleepingComputer (opens in new tab)

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.