An Interest In:
Web News this Week
- April 26, 2024
- April 25, 2024
- April 24, 2024
- April 23, 2024
- April 22, 2024
- April 21, 2024
- April 20, 2024
Ouch: Some Slack developers have been exposing corporate data
If you perform a very specific query in the search field of online code repository Github, where many Slack bot projects are stored, you can get info that potentially lets you access a trove of corporate data, including companies' internal chats and files.
This is because a lot of Slack bot developers — and there are a lot of them, since building a Slack bot is quite easy — included their Slack tokens (personal Slack account credentials) directly in the code, which they share publicly on Github.
SEE ALSO: How do I make Slack apps?
The issue was discovered by security company Detectify, which notified Slack about it on March 26. Detectify managed to find "thousands" of such tokens with a simple GitHub search. The story was first reported by Quartz. Read more...
Original Link: http://feeds.mashable.com/~r/mashable/tech/~3/V5nS03TrFj8/
Mashable
Mashable is the top source for news in social and digital media, technology and web culture.More About this Source Visit Mashable