Slack, a team messaging app, in five hours patched a bug that allowed a hacker access to a user’s communications.
That includes all the private messages where users may be less likely to talk strictly work.
Detectify Labs security researcher Frans Rosén determined he could steal users' private tokens—which allow access to the user’s communications—by tricking them with a malicious web page.
According to Rosén, Slack responded to his first notification 33 minutes after he sent it and resolved the issue within five hours. The company also paid him $3,000 for reporting the bug.