Some of Slack’s private GitHub code was stolen following a data breach


Slack has confirmed that it suffered a data breach recently, but has reassured customers that their data has not been compromised by the incident.

In an announcement published by the online collaboration giant on December 31, 2022, Slack explained how unknown threat actors obtained Slack employee tokens and used them to access private GitHub repositories.

These repositories do not contain Slack’s primary codebase or customer data, it said.

Rotate secrets and invalidate tokens

“On December 29, 2022, we were made aware of suspicious activity on our GitHub account,” Slack’s post read. “After investigation, we discovered that a limited number of Slack employee tokens were stolen and misused to access our externally hosted GitHub repository. Our investigation also revealed that the threat actor downloaded private code repositories on December 27. No downloaded repositories contained customer data, means to access customer data, or Slack’s primary codebase.”

To combat the threat, Slack invalidated the stolen tokens and said it was continuing to look at the “potential impact” of the data breach.

While there is no evidence that the attackers took sensitive information, Slack still decided to rotate its secrets.

Slack is one of the world’s most popular communication and collaboration platforms and is said to serve more than 20 million users worldwide, including countless business users. As such, it comes as no surprise that it is targeted by cybercriminals. By targeting communication platforms, hackers can obtain valuable information, such as passwords or access to cloud servers and files being shared.

In mid-2020, the company suffered a data breach that forced it to reset the passwords of thousands of users. At the time, it was believed that about 1% of all Slack users (equivalent to over 65,000 people) were affected by the incident.

Slack was also hit by a cyberattack in 2015 when hackers broke into its user profile database and gained access to encrypted user passwords.

Via: BleepingComputer
