Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Slack Says Hackers Stole Private Source Code Repositories

Enterprise communication and collaboration platform Slack has informed customers that hackers have stolen some of its private source code repositories, but claims impact is limited.

Enterprise communication and collaboration platform Slack has informed customers that hackers have stolen some of its private source code repositories, but claims impact is limited.

Slack disclosed the incident on December 31. It’s not uncommon for companies to disclose data breaches right before or during major holidays in hopes that they will not get too much attention.

On the other hand, Slack said it learned of the suspicious activity on December 29 so it may have just wanted to inform customers about the incident as soon as possible.

The investigation showed that the attackers downloaded private code repositories on December 27. The hackers apparently gained access to the company’s externally hosted GitHub repository using stolen employee tokens. The company said a “limited number” of employees were impacted.

The compromised repositories did not contain customer data or information that could be used to access customer data. They also did not contain Slack’s primary codebase, the company said.

“Our current findings show that the threat actor did not access other areas of Slack’s environment, including the production environment, and they did not access other Slack resources or customer data. There was no impact to our code or services, and we have also rotated all relevant credentials as a precaution,” Slack explained.

It added, “Based on currently available information, the unauthorized access did not result from a vulnerability inherent to Slack. We will continue to investigate and monitor for further exposure.”

Slack’s disclosure came roughly one week after identity and access management solutions provider Okta informed customers that some source code was stolen from its GitHub repositories. It’s unclear if the incidents are related.

There have been several security incidents involving source code this year. In April, GitHub revealed that the private repositories of dozens of organizations were downloaded using stolen OAuth tokens issued to Heroku and Travis CI. GitHub said that attack was highly targeted.

Related: Slack Forces Password Resets After Discovering Software Flaw

Related: GitHub Account Renaming Could Have Led to Supply Chain Attacks

Related: GitHub Announces Free Secret Scanning, Mandatory 2FA

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.