On December 31, Slack disclosed an incident in which some private source code repositories were stolen by hackers. Slack stated that it learned of the suspicious activity just a few days earlier on December 29 and has claimed that the attack’s impact was limited. The investigation showed that attackers downloaded private code repositories on December 27.
The hackers were able to gain access to the company’s GitHub repository using stolen employee tokens. Slack has claimed that a limited number of employees were impacted by the theft. According to the messaging platform, the attackers did not access other areas of Slack’s environment, such as customer data, other resources, or the production environment. The unauthorized access did not result from a vulnerability that was inherent to Slack, the company claimed.