In September 2022, tech giant Uber had to shut down its company Slack channels after a malicious actor sent a Slack message to multiple employees, stating: “I am a hacker.” Yikes!
This incident isn’t the first time hackers have leveraged Slack in a cyber-attack, and we’ve got a feeling it certainly won’t be the last.
While we’re not saying you should abandon Slack, if you use this platform, you’re going to need to think seriously about security.
Below, we’ll explore Slack’s data breach history, explain how and why attackers are manipulating the platform, and offer actionable advice on how to use Slack securely in 2023.
What could a cybercriminal steal from Slack?
The nature of workplace communication today is instantaneous and always-on. Slack is the perfect vehicle for employees to easily collaborate, share information and stay productive wherever they’re based. For attackers, this makes Slack a high-value target for numerous reasons:
- Data theft: Your Slack channels may house valuable information like PII relating to employees and customers, financial data and much more. This data is lucrative for fraud, as well as for selling on the dark web.
- Sophisticated attacks: Criminals can use Slack as a stepping stone to compromise other applications within your organization.
- Information gathering: Slack can help attackers to discover information about your company, your partners and your customers, which can then be used for further exploitation.
Slack security incidents are soaring
Slack is one of the most widely used communications platforms out there, inherently making it a lucrative target for malicious actors.
Just think of the amount of sensitive information held across different Slack channels, and by the company itself. If a cyber-criminal wants to get their hands on company secrets, PII or credentials, Slack is an obvious target.
And that’s exactly what many attackers have tried to do over the past few years. Here’s a timeline of recent security incidents:
- Uber breach (2022): A hacker tricked an Uber contractor into granting access to internal systems, including Slack.
- Rockstar Games breach (2022): A hacker used social engineering tactics to successfully compromise an employee Slack account, stealing 90 videos of unreleased game footage and internal source code.
- Slack misconfiguration (2022): One of Slack’s features was found to have a flaw that exposed cryptographically protected versions of users’ credentials.
- EA breach (2021): Hackers purchased stolen cookies, one of which contained the login details of an EA employee for Slack. They stole a huge 780 GB of data.
- Twitter breach (2020): Attackers hijacked Twitter’s servers after using stolen login details to break into Twitter’s internal Slack channel.
- Slack vulnerability (2020): A vulnerability was discovered that enabled automated account takeovers (ATOs).
As you can see, there are two major causes of Slack security incidents: vulnerabilities within Slack’s infrastructure and, more commonly, social engineering attacks.
So, we’ve got a two-pronged issue. Firstly, there’s the concern that Slack, as a company, could be breached or unintentionally leak customer data due to a cloud misconfiguration.
Secondly, there’s the risk of cyber-criminals using social engineering attacks and other tactics to exploit users’ identities and break into organizations’ Slack channels.
How to Secure Slack in 2023
While some of the onus is on Slack to discover and remediate vulnerabilities before hackers find them, organizations using the app also have security responsibilities.
Under the shared responsibility model of the cloud, companies using a SaaS app are responsible for correctly configuring the application, along with identity and access management. In other words, it’s your duty to prevent attackers from breaking into employee Slack accounts.
But that’s not always possible. Sophisticated social engineering attacks like the Uber incident highlight the lengths attackers will go to in order to manipulate employees into sharing their credentials or multi-factor authentication codes.
So, instead of attempting to secure access to Slack, we recommend a more granular approach, where you focus on securing sensitive data in Slack.
That’s where cloud data loss prevention (DLP) solutions like Polymer DLP become vital.
Polymer DLP for Slack
Polymer DLP is a lifesaver for Slack data security risks. It completely mitigates the risks associated with credential compromise in Slack.
Using a clever self-learning engine and ready-to-rock compliance templates, our tool immediately discovers and protects sensitive information in your Slack workspaces, including unstructured data in chats, images and PDF files.
Harnessing the power of intelligent analytics, Polymer DLP prevents compromised user accounts from stealing sensitive data.
Through contextual analysis, it ensures that only verified, genuine users access your information. Even then, our solution ensures that these users only interact with your sensitive information in a compliant way, so no data is illegally copied, downloaded or edited without the IT team’s permission.
Oh – and we also help you to build a culture of security in your organization, thanks to our in-app security nudges, which educate users on security best practices in real-time.
Find out more about Polymer DLP for Slack, and head into 2023 confident in your Slack security.