- Slack announced a security issue involving unauthorized access to a subset of Slack’s code repositories.
- No downloaded repositories contained customer data, so no action is required, and the incident was resolved.
- Based on currently available information, the unauthorized access did not result from a vulnerability inherent to Slack.
Slack announced a security incident involving unauthorized access to a subset of Slack’s code repositories. A code repository is a library of software code that also includes documentation, notes, web pages, and changes. Slack claims that the incident was resolved quickly and does not affect customers, so no action is required.
Stolen employee tokens
On 29 December, Slack was notified of unusual activity on their GitHub account. The investigation showed that a limited number of Slack employee tokens were stolen. Unauthorized third parties used these tokens to gain access to Slack’s externally hosted GitHub repository. Further investigation showed that the unauthorized third party downloaded the private code repositories on 27 December.
Slack stated that the stolen repositories don’t contain customer data and don’t enable threat actors to access customer data or Slack’s primary codebase. The company also invalidated the stolen tokens and rotated all relevant credentials as a precaution. Slack also confirmed that there is no impact on its code or services. The company is continuing to investigate the flaw that led threat actors to steal the repositories, but based on current information, the incident did not result from a vulnerability on Slack’s side.