Slack admits security breach

A popular workspace platform Slack disclosed a security incident that took place as the new year drew near.

The company's Security Team revealed in the blog post on December 31 information about "a security issue involving unauthorized access to a subset of Slack's code repositories."

On December 29, the company noticed suspicious activity on its GitHub account. The security team found that a small number of Slack employee tokens had been stolen and used to access the company's GitHub external repository. The perpetrator allegedly downloaded private code repositories on December 27.

The company claims that "customers were not affected, no action is required, and the incident was quickly resolved." No downloaded repositories contained customer data, meaning perpetrators could not access user information or Slack's primary codebase.

As far as it’s known, the threat actor did not access other areas of Slack's environment, including the production environment or other Slack resources.

It’s not the first time the workspace platform has experienced a security incident. In July 2022, an independent security researcher discovered a vulnerability when the platform transmitted a hashed version of the user password to other workspace members. About 0.5% of Slack users had to change their passwords due to the issue.

Slack is an instant messaging program for organizational communication. It has more than 10 million daily active users and is one of the most popular workspace platforms.