Breach, DevSecOps, Supply chain

Slack’s private GitHub code repositories compromised

Enterprise instant messaging platform Slack had some of its private GitHub source code repositories compromised in a cyberattack, which it claims has limited impact, SecurityWeek reports. Attackers leveraged stolen employee tokens to access Slack's externally hosted GitHub repository and download private code repositories on Dec. 27, according to Slack, who noted that the breach only impacted a "limited number of employees" and did not expose any customer information nor the platform's primary codebase. "Our current findings show that the threat actor did not access other areas of Slacks environment, including the production environment, and they did not access other Slack resources or customer data. There was no impact to our code or services, and we have also rotated all relevant credentials as a precaution," said Slack. Nearly a week prior to Slack's disclosure of the breach on Dec. 29, Okta noted that its GitHub repositories have also been compromised, resulting in the theft of some source code.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.