Slack's Private GitHub Code Repositories Stolen Over Holidays
An anonymous reader quotes a report from Bleeping Computer: Slack suffered a security incident over the holidays affecting some of its private GitHub code repositories. The immensely popular Salesforce-owned IM app is used by an estimated 18 million users at workplaces and digital communities around the world. BleepingComputer has come across a security incident notice issued by Slack on December 31st, 2022. The incident involves threat actors gaining access to Slack's externally hosted GitHub repositories via a "limited" number of Slack employee tokens that were stolen. While some of Slack's private code repositories were breached, Slack's primary codebase and customer data remain unaffected, according to the company. The wording from the notice [1, 2] published on New Year's Eve is as follows: "On December 29, 2022, we were notified of suspicious activity on our GitHub account. Upon investigation, we discovered that a limited number of Slack employee tokens were stolen and misused to gain access to our externally hosted GitHub repository. Our investigation also revealed that the threat actor downloaded private code repositories on December 27. No downloaded repositories contained customer data, means to access customer data, or Slack's primary codebase." Slack has since invalidated the stolen tokens and says it is investigating "potential impact" to customers. At this time, there is no indication that sensitive areas of Slack's environment, including production, were accessed. Out of caution, however, the company has rotated the relevant secrets. "Based on currently available information, the unauthorized access did not result from a vulnerability inherent to Slack. We will continue to investigate and monitor for further exposure," states Slack's security team. The good news, with regard to the most recent security update, is that no action needs to be taken by customers, for now.
from Slashdot https://ift.tt/TdUAuyY