How the Twitter hack highlights the dangers of Slack
Slack holds the keys to its customers' kingdoms, and has long been aware how problematic that is. Twitter, it seems, may have been considerably less aware.
Wednesday's massive Twitter hack forced the company to lock out its own users, temporarily, in a desperate bid to stop the ongoing bleeding. And while it has yet to be confirmed, the New York Times reported Friday that the hacker was able to access Twitter internal systems after first gaining entry into Twitter's Slack account — where, allegedly, he found unspecified "Twitter credentials" that "gave him access to the company servers."
If that turns out to be accurate, then all someone had to do to facilitate the takeover of more than 130 high-profile Twitter accounts and temporarily bring the social media platform to its knees was gain entry to the colorful chatroom where employees share GIFs and chat about the workday. And while this obviously came as a surprise to Twitter, it likely didn't shock Slack.
The San Francisco-based company warned way back in April of 2019 that hackers gaining access to customers' Slack accounts would be a disaster.
At the time, Slack was preparing to go public. That required it to list possible "risk factors" the company (and the value of its stock) could face in the years to come. One of those risk factors? You guessed it: Hackers getting access to customer Slack accounts, and all the fallout that could result.
"Users or organizations on Slack may also disclose or lose control of their API keys, secrets, or passwords," noted the company. This "could lead to unauthorized access to their accounts and data within Slack (arising from, for example, an independent third-party data security incident that compromises those API keys, secrets, or passwords).
"In addition, a breach of the security measures of one of our partners could result in the destruction, modification, or exfiltration of confidential corporate information, or other data that may provide additional avenues of attack."
In other words, if hackers got access to a company's Slack account, they might be able to leverage the data found there — say, for example, login credentials to Twitter's admin panel — for additional mischief.
We reached out to Slack in an attempt to confirm the New York Times' reporting, but received no immediate response. We also asked Twitter whether or not it kept internal login credentials posted in its Slack channel, but did not receive a direct response. Instead, we were pointed to a @TwitterSupport thread where the company has been disclosing information about the breach of its systems.
Employees leaking internal chats have long been the bane of tech and media companies that rely on Slack for everyday business. It should come as no surprise that when an entire company speaks via one digital tool, and every thought and message shared over that tool is recorded for posterity, then leaks have the potential to cause real damage.
And as Twitter discovered this week, leaks aren't the only thing it needs to worry about when it comes to Slack.
UPDATE: July 19, 2020, 9:46 a.m. PDT: A Slack spokesperson responded to our request for comment, and emphasized that social engineering — where someone (or multiple people) is tricked into divulging passwords or other valuable information — appears to be the issue here.
Slack's security and the integrity of our platform were not compromised in any way. As Twitter has said, they believe this attack was accomplished through social engineering by people who successfully targeted some of their employees with access to internal systems and tools. Social engineering tactics, such as phishing schemes, are often used by attackers to obtain valid credentials or other personal information.
This, of course, does not change the fact that plaintext data shared on Slack — if viewed by the wrong person — could be a company's Achilles' heel. As always, it pays to watch what you post.