Slack Security Update

Because we take security, privacy, and transparency very seriously, we are sharing the details of a recent incident.

By Slack’s Security Team, December 31, 2022

Updated January 9, 2023

We recently became aware of a security issue involving unauthorized access to a subset of Slack’s code repositories. Our customers were not affected, no action is required, and the incident was quickly resolved. Because we take security, privacy, and transparency very seriously, we are sharing the details of the incident below.

What happened

On December 29, 2022, we were notified of suspicious activity on our GitHub account. Upon investigation, we discovered that a limited number of Slack employee tokens were stolen and misused to gain access to our externally hosted GitHub repository. Our investigation also revealed that the threat actor downloaded private code repositories on December 27. No downloaded repositories contained customer data, means to access customer data, or Slack’s primary codebase.

Our response and investigation

When notified of the incident, we immediately invalidated the stolen tokens and began investigating potential impact to our customers. Our current findings show that the threat actor did not access other areas of Slack’s environment, including the production environment, and they did not access other Slack resources or customer data. There was no impact to our code or services, and we have also rotated all relevant credentials as a precaution.

Based on currently available information, the unauthorized access did not result from a vulnerability inherent to Slack. Our investigation has shown that a third-party vendor was compromised. We have worked with the vendor on credential rotation and are ensuring the security of tokens going forward.

We will continue to investigate and monitor for further exposure. We have put additional, increased alerting in place to monitor our externally hosted GitHub repository. We are also working with our vendors and security partners to ensure that tokens used to access any Slack repositories are stored safely and securely.

FAQ

What is a code repository?
A code repository is a library of software code. In addition to the code itself, the repository holds documentation, notes, and web pages, and it tracks changes.

How was I impacted?
There was no customer impact, and no action needs to be taken by customers.

Who can I reach if I have additional questions?
If you have any additional questions, please contact us at feedback@slack.com.
