Author: Dalibor Gašić / Last Updated: 01/16/2022
Reviewed By: Michael Swanagan, CISSP, CISA, CISM
On December 29, 2022, Slack, one of the most popular business communication tools, became the victim of a hacker. The incident was reported by an Israeli security firm called CyberInt.
The investigation revealed that a limited number of employee tokens were stolen and misused to gain access to an externally hosted GitHub repository.
The threat actor had also downloaded private code repositories on December 27, but neither Slack’s primary codebase nor any customer data was included in the downloaded repositories.
Slack immediately invalidated the stolen tokens and began an investigation into the potential impact on their customers. It was determined that the threat actor did not access other areas of Slack’s environment or customer data.
There was no impact on Slack’s code or services, and the company rotated all relevant credentials as a precautionary measure.
The attack resulted in unauthorized access to a subset of Slack’s code repositories.
However, Slack’s primary codebase and customer data were not affected. The company has stated that there was no impact on its code or services and that it has rotated all relevant credentials as a precautionary measure.
The company has stated that the unauthorized access did not result from a vulnerability inherent to Slack itself, indicating that the hack may have been perpetrated by an external threat actor.
Some experts suggest that the use of stolen employee tokens, which were likely obtained via an API, highlights the importance of strong authentication measures to protect against unauthorized access.
Additionally, the incident has similarities with a recent security incident disclosed by authentication firm Okta, which also had its code repositories accessed and copied.
It is possible that the same group or individual may be responsible for both hacks. The investigation is still ongoing and more information may become available in the future.
This security breach serves as a reminder of the importance of strong authentication measures, particularly when it comes to APIs that may have access to sensitive data. It also highlights the need for companies to regularly review and update their security protocols in order to prevent unauthorized access.
Implementing multi-factor authentication (MFA), regularly rotating credentials, and staying vigilant for suspicious activity are key steps companies can take to protect against potential threats.
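The rotation practice recommended above, turned into a small audit, as an added example that is not part of the original article or any Slack or PurpleSec tooling: it walks a constructed token inventory and flags tokens that have outlived the rotation window, have gone idle, or carry broad scopes. The field names, thresholds and scope names are assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple

# Policy thresholds (assumed values; tune them to your own standard)
MAX_TOKEN_AGE = timedelta(days=90)    # rotate anything issued longer ago than this
MAX_IDLE_TIME = timedelta(days=30)    # revoke anything not used for this long
BROAD_SCOPES = {"repo", "admin:org"}  # example scope names worth calling out


@dataclass(frozen=True)
class Token:
    """One entry from a token inventory (fields are assumed, not a real API)."""
    owner: str
    issued: date
    last_used: Optional[date]   # None means never used since issuance
    scopes: frozenset


def audit_tokens(tokens: List[Token], today: date) -> List[Tuple[str, List[str]]]:
    """Return (owner, reasons) for every token that should be rotated or revoked."""
    findings = []
    for t in tokens:
        reasons = []
        if today - t.issued > MAX_TOKEN_AGE:
            reasons.append("older than rotation window")
        if t.last_used is None or today - t.last_used > MAX_IDLE_TIME:
            reasons.append("idle; revoke if no longer needed")
        broad = t.scopes & BROAD_SCOPES
        if broad:
            reasons.append("broad scopes: " + ", ".join(sorted(broad)))
        if reasons:
            findings.append((t.owner, reasons))
    return findings


# Constructed sample inventory (not real data) and a fixed audit date
SAMPLE = [
    Token("alice", date(2022, 12, 1), date(2022, 12, 28), frozenset({"read:org"})),
    Token("bob", date(2022, 8, 1), date(2022, 12, 27), frozenset({"repo"})),
    Token("ci-bot", date(2022, 11, 1), None, frozenset({"repo", "admin:org"})),
]
AUDIT_DATE = date(2022, 12, 29)


def audit_sample() -> List[Tuple[str, List[str]]]:
    """Run the audit over the constructed inventory."""
    return audit_tokens(SAMPLE, AUDIT_DATE)


if __name__ == "__main__":
    for owner, reasons in audit_sample():
        print(owner, "->", "; ".join(reasons))
```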
Additionally, companies should properly secure their API keys and regularly rotate them as a precautionary measure. Here are some ways to secure API keys:
You can find these and other things on the PurpleSec website, where you can also get help with this and a lot more in the field of cyber security from our experts.
Dalibor is a Senior Security Engineer with experience in penetration testing, having recently served over 8 years in the Department of Cyber Security of the Ministry of Internal Affairs in Serbia.