Slack security incident
Slack, an instant messaging application used in workplaces and digital communities, suffered a security incident that affected some of its private code repositories on GitHub.
The company's investigation revealed that a limited number of Slack employee tokens were stolen and misused to gain access to its GitHub repository. It also revealed that the threat actor downloaded private code repositories.
In addition, the investigation has shown that an external supplier was compromised, but it is clarified that customers have not been affected.
References:
- 31/12/2022 slack.com Slack security update
- 05/01/2023 bleepingcomputer.com Slack's private GitHub code repositories stolen over holidays
- 07/01/2023 wired.co.uk Security News This Week: Don’t Panic, but Slack’s GitHub Got Hacked
- 11/01/2023 gridinsoft.com Hackers compromised Slack private GitHub repositories