新聞

Slack Security Update

Because we take security, privacy, and transparency very seriously, we are sharing the details of a recent incident.

作者: Slack’s Security Team2022 年 12 月 31 日

Updated January 9, 2023

We recently became aware of a security issue involving unauthorized access to a subset of Slack’s code repositories. Our customers were not affected, no action is required, and the incident was quickly resolved. Because we take security, privacy, and transparency very seriously, we are sharing the details of the incident below.

What happened

On December 29, 2022, we were notified of suspicious activity on our GitHub account. Upon investigation, we discovered that a limited number of Slack employee tokens were stolen and misused to gain access to our externally hosted GitHub repository. Our investigation also revealed that the threat actor downloaded private code repositories on December 27. No downloaded repositories contained customer data, means to access customer data, or Slack’s primary codebase.

Our response and investigation

When notified of the incident, we immediately invalidated the stolen tokens and began investigating potential impact to our customers. Our current findings show that the threat actor did not access other areas of Slack’s environment, including the production environment, and they did not access other Slack resources or customer data. There was no impact to our code or services, and we have also rotated all relevant credentials as a precaution.

Based on currently available information, the unauthorized access did not result from a vulnerability inherent to Slack. Our investigation has shown that a third-party vendor was compromised. We have worked with the vendor on credential rotation and are ensuring the security of tokens going forward.

We will continue to investigate and monitor for further exposure. We have put additional, increased alerting in place to monitor our externally hosted GitHub repository. We are also working with our vendors and security partners to ensure that tokens used to access any Slack repositories are stored safely and securely.

FAQ

What is a code repository?
A code repository is a library of software code. In addition to the code itself, the repository holds documentation, notes, web pages and tracks changes.

How was I impacted?
There was no customer impact, and no action needs to be taken by customers.

Who can I reach if I have additional questions?
If you have any additional questions, please contact us at feedback@slack.com.

這則貼文有幫助嗎?

0/600

超讚!

非常感謝你提供意見回饋!

知道了!

感謝你提供意見回饋。

糟糕!我們遇到問題了。請稍後再試一次!

繼續閱讀

轉型

適用於客戶支援的 Slack:Slack 社群紐約分會專家分享秘訣

聽 Slack 專家分享如何充分運用 Slack 提供客戶支援。

開發人員

在 Slack 進行建構變得好簡單:開發人員和管理員適用的全新工具於今日上線

自助沙箱、Bolt 適用的自訂函式加上改良版軟體堆疊整合,在 Slack 進行建構從未如此順利

開發人員

建立自動化構成元素

現已推出新一代平台 Beta 版供所有開發人員使用

新聞

全新工作流程建立工具為所有人實現工作自動化

新的自動化功能可以實現更強大的工作流程,不受使用者的技術專業能力所限