Slack’s New Year Breach


Following Elon Musk’s Twitter purchase and the severe layoffs among its staff, concerns about data breaches have been at an all-time high. Now news of a security incident predating the takeover is causing even more concern.

A wealth of Data Hacks over the New Year

Hackers have released a trove of 200 million email addresses linked to Twitter handles that appear to have been gathered between June 2021 and January 2022. The Twitter sale may put anonymous Twitter accounts at risk and heap more regulatory scrutiny than ever on the controversial platform.

WhatsApp has launched a new anti-censorship tool that it hopes will help users in Iran avoid government-enforced blocking of the messaging platform, making it possible for people to use proxies to access the app and avoid government filtering. This is now available globally.

Following the news, cybersecurity firm Mandiant revealed that it has witnessed Russian cyberespionage group Turla utilizing innovative hacking techniques in Ukraine. Believed to be linked to the FSB intelligence agency, the group was spotted piggybacking on dormant USB infections of rival hacker groups. Turla registered expired domains of older malware and took control of their command and control servers.

Slack’s Security Updates

On December 31, Slack posted a security update to its blog revealing that it had detected unauthorised access to a subset of Slack’s code repositories. On December 27, it detected an unknown threat actor stealing Slack employee tokens and using them to access the external GitHub repository, downloading some of the company's code.

The company acted quickly to invalidate the tokens and investigated the impact on its customers. The attacker had not accessed customer data, and Slack users were not instructed to take any action. This followed an almost identical attack on authentication firm Okta.

Slack quickly discovered the incident and reported it, but its security disclosure didn’t appear on its usual news blog. In some parts of the world, Slack actively included code to prevent search engines from including the disclosure in their results. In August of 2022, Slack forced password resets following a bug that had exposed hashed passwords for five straight years. The good news with the most recent security update following the breach is that no action needs to be taken by customers – for now.

Other techniques employed by businesses wanting to limit the visibility of news include geo-fencing and tailoring the robots.txt file. These techniques are typically frowned upon.

For more information on enterprise security and any upcoming cybersecurity conference, check out the upcoming events from Whitehall Media.