Slack's Private GitHub Repository Hacked, Source Code Leaked

Slack is one of the most well-known communication and collaboration platforms in the world, mainly serving businesses/organizations. In January 2021, Slack and Salesforce announced an agreement. Salesforce acquired Slack for approximately US$27.7 billion. Today, Slack has more than 20 million users worldwide.

The breach fell over the Christmas holiday period abroad, which cannot have made for a cheerful holiday for Slack's engineers: on December 27, their private GitHub code base was hacked and code was leaked.

Criminals gained access to Slack's GitHub repositories using a "limited" number of stolen Slack employee tokens. Slack said that while some of the company's private codebases were compromised, Slack's main codebase and customer data were not affected.

The announcement from Slack reads as follows:

On December 29, 2022, we were notified of suspicious activity on our GitHub account. Upon investigation, we discovered that a limited number of Slack employee tokens were stolen and misused to access our externally hosted GitHub repositories. Our investigation also revealed that hackers downloaded a private code repository on December 27th. The downloaded repository did not contain customer data, a means of accessing customer data, or Slack's main codebase.

Slack has now invalidated the stolen tokens and rotated the associated keys. Slack is also investigating the "potential impact" of the incident on customers. There is currently no indication that Slack's various sensitive environments, including production, have been accessed.

Slack's security team also stressed that "based on currently available information, the unauthorized access was not due to a vulnerability inherent in Slack."

As the most well-known communication platform in the world, Slack is a frequent target for hackers. In 2015, Slack was hit by a multi-day cyber attack, when hackers broke into its user profile database and obtained a lot of user information. In mid-2020, the company suffered a data breach that forced it to reset passwords for thousands of users.

 


Origin www.oschina.net/news/224044/slack-security-github