10/2/2023

Hackers slack it eacoxvice

There are multiple forums where your personal information is sold or accounts can be hacked on demand. This is the advertisement when the access was granted on OG Forums yesterday. In other words, if hackers got access to a company's Slack account, they might be able to leverage the data found there - say, for example, login credentials to Twitter's admin panel - for additional mischief. "In addition, a breach of the security measures of one of our partners could result in the destruction, modification, or exfiltration of confidential corporate information, or other data that may provide additional avenues of attack." This "could lead to unauthorized access to their accounts and data within Slack (arising from, for example, an independent third-party data security incident that compromises those API keys, secrets, or passwords)." "Users or organizations on Slack may also disclose or lose control of their API keys, secrets, or passwords," noted the company. One of those risk factors? You guessed it: Hackers getting access to customer Slack accounts, and all the fallout that could result. That required it to list possible "risk factors" the company (and the value of its stock) could face in the years to come. The San Francisco-based company warned way back in April of 2019 that hackers gaining access to customers' Slack accounts would be a disaster.

At the time, Slack was preparing to go public. And while this obviously came as a surprise to Twitter, it likely didn't shock Slack. If that turns out to be accurate, then all someone had to do to facilitate the takeover of more than 130 high-profile Twitter accounts and temporarily bring the social media platform to its knees was gain entry to the colorful chatroom where employees share GIFs and chat about the workday.
And while it has yet to be confirmed, the New York Times reported Friday that the hacker was able to access Twitter internal systems after first gaining entry into Twitter's Slack account - where, allegedly, he found unspecified "Twitter credentials" that "gave him access to the company servers." Wednesday's massive Twitter hack forced the company to lock out its own users, temporarily, in a desperate bid to stop the ongoing bleeding. Twitter, it seems, may have been considerably less aware. The company is obviously aware of that risk and correctly assesses that it cannot entirely mitigate it. Slack holds the keys to its customers' kingdoms, and has long been aware how problematic that is. Slack can be subpoenaed by governments to share users’ content stored on its servers, but could also be breached by nation-state supported actors to grab information they might otherwise not be able to access. Slack is widely used in enterprise settings for collaboration and exchanging information, so it’s a goldmine of sensitive (and proprietary) information.

Also, EFF’s Director of Cybersecurity Eva Galperin pointed out, journalists and activists regularly use Slack to talk about sensitive projects, despite Slack not offering adequate security protections such as extensive encryption and a self-hosting option. It should not come as a surprise, though. The company did not say that it was actually breached by these types of attackers, but obviously they are aware of the possibility and underlying risk. But what caught the eye of many is the fact that Slack explicitly mentioned “organized crime” and “nation-states” as attackers who might want to breach its defenses. The inclusion of these points is not unusual, as the SEC mandates disclosures of cybersecurity risks and incidents before IPOs.
“The security measures we have implemented or integrated into Slack and our internal systems and networks (including measures to audit third-party and custom applications), which are designed to detect unauthorized activity and prevent or minimize security breaches, may not function as expected or may not be sufficient to protect Slack and our internal systems and networks against certain attacks,” the company added, pointing out as an example the data breach it suffered in March 2015. In the documents it was required to file with the Securities and Exchange Commission (SEC) due to its going public, the company has spelled out the many cyber threats to its existence, functioning and financial results (and investors’ bottom line): “traditional” computer hackers, malicious code, employee theft or misuse, password spraying, phishing, credential stuffing, DoS attacks, compromised API keys and passwords, and so on. Slack Technologies, the company whose cloud-based collaboration tools and services are used by companies worldwide, has warned potential investors that the company faces threats from a wide variety of sources, including “sophisticated organized crime, nation-state, and nation-state supported actors.”