Slack Quickly Patches Bug That Allowed Access to Chats
Stolen credentials; Software vulnerability
Slack, a team messaging app, in five hours patched a bug that allowed a hacker access to a user’s communications.
That includes all the private messages where users may be less likely to talk strictly work.
Detectify Labs security researcher Frans Rosén determined he could steal users' private tokens—which allow access to the user’s communications—by tricking them with a malicious web page.
According to Rosén, Slack responded to his first notification 33 minutes after he sent it and resolved the issue within five hours. The company also paid him $3,000 for reporting the bug.
February 28, 2017
The Next Web
Link to report
location of breach
location of perpetrators
date breach occurred
date breach detected