On December 31st, Slack informed users about the issue. Slack said that it became aware of the suspicious behavior on December 29; it is therefore likely that the company simply wanted to alert customers about the situation as quickly as possible. According to the findings of the investigation, the perpetrators of the breach accessed confidential code repositories on December 27. It appears that the attackers used stolen employee tokens to gain access to the company's externally hosted GitHub repository. According to the company's statement, only a "small number" of employees were affected.
The compromised repositories contained neither customer data nor information that could be used to gain access to customer data. In addition, according to the company, they did not include Slack's primary codebase. "According to our most recent findings, the threat actor did not access any other parts of Slack's infrastructure, including the production environment. Furthermore, the threat actor did not access any other Slack resources or customer data." Slack said that there was no impact on the company's code or services and that it has also rotated all relevant credentials as a precaution.
In addition, the company said, "Based on the information that is presently available, the illegal access was not the consequence of a vulnerability that is inherent to Slack. We will continue our investigation, and we will keep a close eye out for any future exposure." Slack's announcement came around one week after the identity and access management provider Okta alerted its customers that some source code had been stolen from its GitHub repository. It is not known whether the two incidents are connected.
Information security specialist, currently working as a risk infrastructure specialist and investigator.
15 years of experience in risk and control processes, security audit support, business continuity design and support, workgroup management, and information security standards.