
No time to Slack off: Business software hit by security incident – Digital Journal


Slack suffered a cybersecurity incident over the holidays in which private GitHub code repositories were stolen. The threat actors gained access to Slack’s externally hosted GitHub repositories using a “limited” number of stolen Slack employee tokens.

According to Slack: “We were notified of suspicious activity on our GitHub account. Upon investigation, we discovered that a limited number of Slack employee tokens were stolen and misused to gain access to our externally hosted GitHub repository. Our investigation also revealed that the threat actor downloaded private code repositories on December 27. No downloaded repositories contained customer data, means to access customer data, or Slack’s primary codebase.”

While some of Slack’s private code repositories were breached, Slack’s primary codebase and customer data remain unaffected, according to the company.

Considering the issue and its wider implications for Digital Journal is Javed Hasan, CEO, Lineaje.

Hasan explains the incident and its significance: “Over the holidays, via its GitHub account, Slack saw a number of employee tokens stolen. They were then used to gain unauthorized access and download private code repositories. While every breach is serious, this particular incident shines a harsh light on the need for industry education on software supply chain security risks.”

In terms of the impact, Hasan states: “While it’s a positive that Slack lost no customer data, you shouldn’t have to choose between losing source code or sensitive customer information. Code is not just IP – it is a useful tool in helping hackers attack your customers through your platform, so both must be protected.”

The issue is nonetheless serious, as Hasan explains: “The stage is now set for Slack’s customers to be potentially compromised through upstream tampers in their – now known to the hackers – supply chain.”

In terms of the wider lessons for businesses, Hasan explains: “Organizations need to know what’s in their own software – as well as the software they use, so they can secure their software supply chain as diligently as they secure their own data.”

Hasan adds a further recommendation for businesses: “Organizations should seek out tools that can give a holistic view of the software bill of materials (SBOM) for all of their vendors (and their own software too!)” He concludes: “Technology companies like Slack are part of the software supply chain and have a duty to secure their code, expand to securing their entire software supply chain and thus protect their customers from attacks through Slack.”
