Slack private code on GitHub stolen
Jovi Umawing
Online collaboration platform Slack reported on New Year’s Eve it had suffered a “security incident” where some of its code stored on GitHub was stolen. According to the post from the company’s security team, Slack’s private code repositories were accessed using swiped employee tokens. No customer data was contained in the repositories.
“On 29 December 2022, we were notified of suspicious activity on our GitHub account. Upon investigation, we discovered that a limited number of Slack employee tokens were stolen and misused to gain access to our externally hosted GitHub repository. Our investigation also revealed that the threat actor downloaded private code repositories on 27 December. No downloaded repositories contained customer data, means to access customer data or Slack’s primary codebase.”
Slack didn’t mention how the breach was discovered, nor how the tokens were stolen.
If this story of code theft seems familiar, then you’re likely aware that something similar happened to Okta, the maker of access management software that lets employees log in to restricted company resources using single sign-on. Coincidentally, sometime between these two GitHub breach incidents, CircleCI, a popular DevOps company, had its systems compromised, potentially exposing all customer secrets—the term it uses for passwords or private keys.
Ars Technica’s Dan Goodin entertained the possibility the Slack, CircleCI, and LastPass breaches were related.
While the investigation is ongoing, Slack shared its current findings that the attacker did not access the company’s other environments, which include production and resource environments.
“Based on currently available information, the unauthorized access did not result from a vulnerability inherent to Slack,” the notice said. The company has already taken steps to secure its GitHub account by invalidating the stolen tokens.
Slack customers don’t need to take any action following the breach.