On December 31, while everyone was celebrating the New Year, Salesforce, the company behind the corporate messenger Slack, published a notice about a compromise of Slack repositories on GitHub.
Let me remind you that recently MI also wrote that Slack Is Resetting User Passwords Due to a Bug, and also that Slack Connect DM new feature drew a barrage of criticism.
The attack by unknown attackers affected some of the company’s private GitHub repositories, but it is reported that Slack’s core codebase and customer data were not affected.
Slack representatives write that the stolen tokens have already been invalidated, and the investigation of the “potential impact” of this attack on customers is still ongoing. So far, there has been no indication that hackers have gained access to any sensitive areas or Slack workspaces. However, as a precaution, the company has changed the relevant secrets.
At the same time, journalists drew attention to a number of oddities in how the incident was disclosed. Bleeping Computer notes that the notice about the attack was published on December 31, when most people are busy celebrating the New Year.
In addition, the report was initially not displayed at all on the international version of the company’s blog, and in some regions (for example, in the UK) the publication was marked noindex, a directive that excludes web pages from search results and makes them much harder to find. However, Google did index the US version of the post, which was published without the noindex tag.
As a result, according to ArsTechnica, although the notice about the incident appeared online as early as December 31, search engines and the Internet Archive practically “did not see” it until January 5-6. It seems that the Slack developers were trying to prevent this notice from being indexed by search engines and to limit the publicity of what happened.
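A noindex marking like the one described above can be set in the page markup or in the `X-Robots-Tag` response header, so a check of regional copies has to look at both. The following is an added example, not part of the original article; the region labels, headers and HTML are constructed sample input, and the "other" variant is hypothetical.

```python
from html.parser import HTMLParser

# Tokens that keep a page out of search results ("none" means noindex, nofollow).
BLOCKING = {"noindex", "none"}

class RobotsMeta(HTMLParser):
    """Collects directives from <meta name="robots"> and <meta name="googlebot">."""
    def __init__(self):
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").strip().lower() in ("robots", "googlebot"):
            self.directives |= {t.strip().lower() for t in a.get("content", "").split(",")}

def header_directives(headers):
    """Directives from X-Robots-Tag; a leading 'botname:' prefix is dropped."""
    found = set()
    for name, value in headers.items():
        if name.lower() == "x-robots-tag":
            found |= {t.rsplit(":", 1)[-1].strip().lower() for t in value.split(",")}
    return found

def is_noindexed(headers, html):
    """True if either the response header or the markup asks crawlers not to index."""
    parser = RobotsMeta()
    parser.feed(html)
    return bool((parser.directives | header_directives(headers)) & BLOCKING)

def compare_variants(variants):
    """Maps each regional variant to its noindex status so differences stand out."""
    return {region: is_noindexed(h, body) for region, (h, body) in variants.items()}

# Constructed sample responses (headers, HTML) for three regional copies of one post.
SAMPLE = {
    "en-us": ({"Content-Type": "text/html"},
              "<html><head><title>Update</title></head><body>...</body></html>"),
    "en-gb": ({"Content-Type": "text/html"},
              '<html><head><meta name="robots" content="noindex, follow"></head></html>'),
    "other": ({"X-Robots-Tag": "googlebot: noindex"},
              "<html><head><title>Update</title></head></html>"),
}

if __name__ == "__main__":
    for region, hidden in compare_variants(SAMPLE).items():
        print(f"{region}: {'noindex' if hidden else 'indexable'}")
```

A result that differs between regional copies of the same post is the kind of inconsistency the journalists noticed here.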
Let me remind you that the media also wrote that Facebook incorporates hidden codes in photos for download.