mobile-logo

Previous

< Twitter Leaks Data On 200 Million Users

Security Insights / Data Breaches / Slack GitHub Account Hack

Inside Slack’s GitHub Account Hack

 

Inside Slack’s GitHub Account Hack

 

Learn about PurpleSec’s fully managed vulnerability management services.

Author: Dalibor Gašić/ Last Updated: 01/16/2022

Reviewed By: Michael Swanagan, CISSP, CISA, CISM

View OurEditorial Process

Table Of Contents

Summary Of The Attack

 

  • On December 29, 2022, Slack, one of the most popular business communication tools has become victim to a hacker.
  • The threat actor had also downloaded private code repositories on December 27, but neither Slack’s primary codebase nor were any customer data included in the downloaded repositories.
  • The company has stated that there was no impact on its code or services.
  • The company has stated that the unauthorized access did not result from a vulnerability inherent to the company, indicating that the hack may have been perpetrated by an external threat actor.
  • Implementing multi-factor authentication (MFA), regularly rotating credentials, and staying vigilant for suspicious activity are key steps companies can take to protect against potential threats. Additionally, companies should properly secure their API keys and regularly rotate them as a precautionary measure.

 

Slack Data Breach: What Happened?

 

On December 29, 2022, Slack, one of the most popular business communication tools has become victim to a hacker. The incident was by an Israeli security firm called CyberInt.

 

The investigation revealed that a limited number of employee tokens were stolen and misused to gain access to an externally hosted GitHub repository.

 

The threat actor had also downloaded private code repositories on December 27, but neither Slack’s primary codebase nor were any customer data included in the downloaded repositories.

 

Slack immediately invalidated the stolen tokens and began an investigation into the potential impact on their customers. It was determined that the threat actor did not access other areas of Slack’s environment or customer data.

 

There was no impact on Slack’s code or services, and the company rotated all relevant credentials as a precautionary measure.

The Impact Of Slack’s Data Breach

 

The attack resulted in unauthorized access to a subset of Slack’s code repositories.

 

However, Slack’s primary codebase and customer data were not affected. The company has stated that there was no impact on its code or services and that it has rotated all relevant credentials as a precautionary measure.

enterprise vulnerability management services

Who Is Responsible For The Slack GitHub Hack?

 

The company has stated that the unauthorized access did not result from a vulnerability inherent to the company, indicating that the hack may have been perpetrated by an external threat actor.

 

Some experts suggest that the use of stolen employee tokens, which were likely obtained via an API, highlights the importance of strong authentication measures to protect against unauthorized access.

 

Additionally, the incident has similarities with a recent security incident disclosed by authentication firm Okta, which also had its code repositories accessed and copied.

 

It is possible that the same group or individual may be responsible for both hacks. The investigation is still ongoing and more information may become available in the future.

PurpleSec risk management platform

Preventing Future Attacks: Mitigating the Risk of a Data Breach like Slack’s

 

This security breach serves as a reminder of the importance of strong authentication measures, particularly when it comes to APIs that may have access to sensitive data. It also highlights the need for companies to regularly review and update their security protocols in order to prevent unauthorized access.

 

Implementing multi-factor authentication (MFA), regularly rotating credentials, and staying vigilant for suspicious activity are key steps companies can take to protect against potential threats.

 

Additionally, companies should properly secure their API keys and regularly rotate them as a precautionary measure. Here are some ways to secure API keys:

 

  • Regularly review and update security protocols: Companies should periodically review their security protocols to ensure that they are up-to-date and effective.
  • Use encryption and tokenization: Encrypting and tokenizing API keys can help to protect against unauthorized access.
  • Limit access to API keys: Only give access to the minimum number of employees’ necessary, and limit the permissions of those who do have access.
  • Monitor for suspicious activity: Regularly monitor for suspicious activity and take action if any is detected.
  • Understand how your API keys are used: Understand how the API keys are being used and the type of data they are accessing.
  • Make sure to update your keys: Regularly update the keys to prevent them from being exposed or stolen.
  • Use a token management platform: Utilize a token management platform to manage and secure your API keys.
  • Provide education and awareness to your employees: Make sure your employees are aware of the risks and how to protect their keys.
  • Have incident response plan in place: Have incident response plan in place in case of a security incident involving API keys.

 

You can find these and other things on the PurpleSec website, where you can also get help with this and a lot more in the field of cyber security from our experts.

 

Related Articles:

 

enterprise penetration testing services

Dalibor Gašić - cyber security expert

Dalibor Gašić

Dalibor is a Senior Security Engineer with experience in penetration testing having recently served over 8 years in the Ministry of Internal Affairs in the Department of Cyber Security in Serbia.

Previous

Twitter Leaks Data On 200 Million Users

Next

Top Vulnerabilities Of 2022

All Topics

More Security Insights