iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Popular corporate message service Slack has revealed that an outside entity has gained access to its code repository on GitHub.
The incident did not compromise any customer data, however, and Slack reports that no customer action is required.
It appears that a number of Slack employee user tokens were recently stolen and these were used to access the company’s GitHub repository on 29 December, and that some private code repositories were downloaded on 27 December.
According to a security update on Slack’s blog, this access has not had any impact on the company’s service, nor resulted in any changes to code.
“When notified of the incident, we immediately invalidated the stolen tokens and began investigating potential impact to our customers,” Slack’s post reports. “Our current findings show that the threat actor did not access other areas of Slack’s environment, including the production environment, and they did not access other Slack resources or customer data. There was no impact to our code or services, and we have also rotated all relevant credentials as a precaution.”
Curiously, according to BleepingComputer, it appears that Slack may have been trying to obfuscate news of the incident. The security update was not immediately published to the company’s international news blog (though it is certainly there as of writing), and steps seem to have been taken to limit the spread of the news via search engines.
Slack is continuing to investigate the breach.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
