Slack, the popular messaging platform for businesses, has announced that hackers gained access to its GitHub directories. However, the company assured its users that no action is required and the incident has been quickly resolved. It appears that the hackers only gained access to some directories containing pieces of source code, but user data and the main database were spared. Slack indicated that none of the repositories contained customer data, access to customer data, or access to the main Slack database. The intrusion was made possible through the malicious use of identification tokens belonging to company employees.
Although production servers were not affected, Slack has modified all identification used on GitHub as a precaution. Slack has also stated that it is continuing to investigate and monitor the situation to prevent any further vulnerability. This is not the first time that the platform has been targeted by cyberattacks. In 2015, passwords for some accounts had to be reset after an attack, and in 2022, a vulnerability identified by a cybersecurity specialist prompted the company to review its practices. As a preferred tool for many multinationals (and some government agencies), Slack is a popular target for hackers. It was also used in the widespread hack of Uber in 2022.