Slack has confirmed that it recently suffered a data breach, but reassured customers that their data was not affected by the incident.
In an announcement (opens in new tab) published by the online collaboration giant on December 31, 2022, Slack explained how an unknown threat actors obtained Slack employee tokens and used them to access private GitHub repositories.
These repositories did not hold Slack’s primary codebase, or customer data, it said.
Rotating secrets and invalidating tokens
“On December 29, 2022, we were notified of suspicious activity on our GitHub account,” Slack’s notice read. “Upon investigation, we discovered that a limited number of Slack employee tokens were stolen and misused to gain access to our externally hosted GitHub repository. Our investigation also revealed that the threat actor downloaded private code repositories on December 27. No downloaded repositories contained customer data, means to access customer data, or Slack’s primary codebase.”
To combat the threat, Slack invalidated the stolen tokens and said to be looking further into the “potential impact” of the data breach.
Even though there’s no evidence the attackers made away with sensitive information, Slack still decided to rotate its secrets.
Slack is one of the world’s most popular communication and collaboration platforms, allegedly serving more than 20 million users worldwide, including countless business users. As such, being targeted by cybercriminals is no surprise. By targeting communications platforms, hackers can obtain valuable information, such as passwords (opens in new tab), or access to cloud servers and files being shared.
In mid-2020, the company suffered a data breach forcing it to reset the passwords for thousands of users. At the time, it was believed that roughly 1% of all Slack users (which was equivalent to more than 65,000 people then) were affected by the incident.
Slack was also hit by a cyberattack back in 2015 when hackers broke into its user profile database and accessed scrambled user passwords.
Via: BleepingComputer (opens in new tab)