recommended reading

Threatwatch

Slack Quickly Patches Bug That Allowed Access to Chats

Stolen credentials; Software vulnerability

Slack, a team messaging app, in five hours patched a bug that allowed a hacker access to a user’s communications.

That includes all the private messages where users may be less likely to talk strictly work.

Detectify Labs security researcher Frans Rosén determined he could steal users' private tokens—which allow access to the user’s communications—by tricking them with a malicious web page.

According to Rosén, Slack responded to his first notification 33 minutes after he sent it and resolved the issue within five hours. The company also paid him $3,000 for reporting the bug.

sector

Web Services

reported

February 28, 2017

reported by

The Next Web

number affected

Unknown

location of breach

Unknown

perpetrators

Researchers

location of perpetrators

Unknown

date breach occurred

2017/02

date breach detected

2017/02/28