"Slack Says Hackers Stole Private Source Code Repositories"

Enterprise communication and collaboration platform Slack has recently informed customers that hackers have stolen some of its private source code repositories, but claims impact is limited.  Slack disclosed the incident on December 31.  Slack said it learned of the suspicious activity on December 29.  The investigation showed that the attackers downloaded private code repositories on December 27.  According to Slack, the hackers gained access to the company’s externally hosted GitHub repository using stolen employee tokens.  The company said a “limited number” of employees were impacted.  The company noted that the compromised repositories did not contain customer data or information that could be used to access customer data.  They also did not contain Slack’s primary codebase.  The company stated that their current findings show that the threat actor did not access other areas of Slack’s environment, including the production environment, and they did not access other Slack resources or customer data.  The company noted that there was no impact to their code or services and that they have rotated all relevant credentials as a precaution.  According to the current available information, the unauthorized access did not result from a vulnerability inherent to Slack. 

SecurityWeek reports: "Slack Says Hackers Stole Private Source Code Repositories"