Stolen Slack employee tokens lead to compromise of GitHub repository.
In a recent development, Slack, the popular messaging platform used by numerous companies across the country, has announced that an outside threat actor stole a limited number of employee tokens and used them to gain access to the company's externally hosted GitHub repository on Saturday.
Despite the breach, Slack confirmed that the threat actor did not access any of its remaining environment or customer data. As a precaution, the company has rotated all relevant credentials.
The incident is part of a growing trend, according to Peter Firstbrook, VP analyst at Gartner. Threat actors are increasingly using stolen passwords to log into systems, rather than relying on traditional methods of hacking through vulnerabilities and misconfigurations.
The security of the Slack platform has grown in importance as companies have become more dependent on it as a key method of communication, particularly since corporate employees moved to remote or hybrid operations during the pandemic.
Slack immediately invalidated the stolen tokens and is investigating and monitoring for further exposure. The company also announced plans in August to increase security through the use of no-code audit logs, which give administrators the ability to conduct fast reviews of unusual activity.
Meanwhile, another security incident involving codebase compromise was reported last week by LastPass. The threat actor copied a backup of its customer vault data, though the code repository involved was not specified.
In a separate incident, researchers from Checkmarx discovered a vulnerability in GitHub's repository namespace retirement mechanism. This vulnerability, known as repojacking, raises the risk of supply chain attacks.
In December, Okta reported a previous incident where its source code repositories were accessed and copied. Threat actors have also targeted GitHub repositories, as was the case with the incident involving Slack. However, in Slack's case, none of the downloaded private code repositories contained customer data, a means to access that data, or the company's primary code base.
The name of the threat actor who attacked Slack's externally hosted GitHub repository is not known from available reports. The Slack incident underscores the importance of robust security measures in the digital age, where data breaches can have significant implications for businesses and their customers.