Slack

Slack suffered a security incident that affected some of its private GitHub code repositories.

The immensely popular Salesforce-owned IM app is used by an estimated 18 million users at workplaces and digital communities around the world.

The breach happened on December 31st, 2022.

The threat actors gained access to Slack's externally hosted GitHub repositories via a limited number of Slack employee tokens that were stolen.

Source: https://www-bleepingcomputer-com.cdn.ampproject.org/c/s/www.bleepingcomputer.com/news/security/slacks-private-github-code-repositories-stolen-over-holidays/amp/

TPRM report: https://scoringcyber.rankiteo.com/company/tiny-spec-inc

"id": "sla1946123",
"linkid": "tiny-spec-inc",
"type": "Breach",
"date": "12/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'industry': 'Technology',
                        'name': 'Slack',
                        'size': '18 million users',
                        'type': 'Company'}],
 'attack_vector': 'Stolen Employee Tokens',
 'data_breach': {'type_of_data_compromised': ['Private GitHub Code '
                                              'Repositories']},
 'date_detected': '2022-12-31',
 'description': 'Slack suffered a security incident that affected some of its '
                'private GitHub code repositories.',
 'impact': {'data_compromised': ['Private GitHub Code Repositories']},
 'initial_access_broker': {'entry_point': 'Stolen Employee Tokens'},
 'title': 'Slack GitHub Code Repository Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Stolen Employee Tokens'}

Slack

Gloucester County

Federal Bureau of Investigation (FBI)

Microsoft