Popular online chat company Slack announced last week that it was the victim of a data breach, which resulted in several employee tokens being stolen. Though there was only a limited amount of tokens taken, threat actors were able to misuse them to steal some of Slack’s private Github code repositories on Dec 27.
Slack also suffered a breach in August and in 2019, and passwords had to be reset for users due to the scope of the breach. However, this breach didn’t affect customer data and customers don’t have to take any action.
“While some of Slack’s private code repositories were breached, Slack’s primary codebase and customer data remain unaffected,” the company said in a statement. “No downloaded repositories contained customer data, means to access customer data, or Slack’s primary codebase.”
Slack took immediate response by launching their company’s investigation and by invalidating the employee tokens, therefore restricting access from the actors.
The press release revealed that “The threat actor did not access other areas of Slack’s environment, including the production environment, and they did not access other Slack resources or customer data.”
However, Slack didn’t say what was stolen. Slack also went on to rotate relevant credentials as a precaution, further protecting their data in lieu of the breach. This security precaution would prevent any potentially stolen data from being usable in the first place.
Slack also stated that it doesn’t believe the unauthorized access of employee tokens was an inherent vulnerability and is currently investigating the source of the breach.
While this was a large security breach with an ongoing investigation, Slack has reassured customers that it “takes security, privacy, and transparency very seriously.”