Slack Security Update

Because we take security, privacy, and transparency very seriously, we are sharing the details of a recent incident.

By Slack’s Security Team, December 31, 2022

Updated January 9, 2023

We recently became aware of a security issue involving unauthorized access to a subset of Slack’s code repositories. Our customers were not affected, no action is required, and the incident was quickly resolved. Because we take security, privacy, and transparency very seriously, we are sharing the details of the incident below.

What happened

On December 29, 2022, we were notified of suspicious activity on our GitHub account. Upon investigation, we discovered that a limited number of Slack employee tokens were stolen and misused to gain access to our externally hosted GitHub repository. Our investigation also revealed that the threat actor downloaded private code repositories on December 27. No downloaded repositories contained customer data, means to access customer data, or Slack’s primary codebase.

Our response and investigation

When notified of the incident, we immediately invalidated the stolen tokens and began investigating potential impact to our customers. Our current findings show that the threat actor did not access other areas of Slack’s environment, including the production environment, and they did not access other Slack resources or customer data. There was no impact to our code or services, and we have also rotated all relevant credentials as a precaution.

Based on currently available information, the unauthorized access did not result from a vulnerability inherent to Slack. Our investigation has shown that a third-party vendor was compromised. We have worked with the vendor on credential rotation and are ensuring the security of tokens going forward.

We will continue to investigate and monitor for further exposure. We have put additional, increased alerting in place to monitor our externally hosted GitHub repository. We are also working with our vendors and security partners to ensure that tokens used to access any Slack repositories are stored safely and securely.

FAQ

What is a code repository?
A code repository is a library of software code. In addition to the code itself, the repository holds documentation, notes, and web pages, and it tracks changes.

How was I impacted?
There was no customer impact, and no action needs to be taken by customers.

Who can I reach if I have additional questions?
If you have any additional questions, please contact us at feedback@slack.com.
