Slack has revealed that some of its private code repositories were stolen, although the company says no customer data was impacted.
Slack is one of the most popular messaging platforms. Like many companies, it relies on GitHub repositories to help manage its code base. GitHub notified the company of suspicious activity on an external repository, leading to the discovery of the breach.
The company outlined the details in a blog post:
“On 29 December 2022, we were notified of suspicious activity on our GitHub account. Upon investigation, we discovered that a limited number of Slack employee tokens were stolen and misused to gain access to our externally hosted GitHub repository. Our investigation also revealed that the threat actor downloaded private code repositories on 27 December. No downloaded repositories contained customer data, means to access customer data or Slack’s primary codebase.”
The company reassures users that the issue is not an inherent vulnerability within Slack, and that no other information was accessed:
“When notified of the incident, we immediately invalidated the stolen tokens and began investigating potential impact to our customers. Our current findings show that the threat actor did not access other areas of Slack’s environment, including the production environment, and they did not access other Slack resources or customer data. There was no impact to our code or services, and we have also rotated all relevant credentials as a precaution.
“Based on currently available information, the unauthorised access did not result from a vulnerability inherent to Slack. We will continue to investigate and monitor for further exposure.”
Hopefully Slack’s initial investigation is correct and no further breaches are discovered.