Messaging service Slack has temporarily lost control of its GitHub accounts. As a result, an unauthorized user who gained access could download some code repositories. The leak has now been fixed.
Slack writes that in a blog post. The company does not say what the affected repositories are used for. Slack does report that the source code and user data have not been affected. According to the company, this data is stored somewhere else.
The incident took place on December 29, Slack reports. “On December 29, 2022, we became aware of suspicious activity on our GitHub account. After investigating, we revealed a limited number of Slack employee tokens were filched and misused to access our externally hosted GitHub repository. An investigation also shows that the intruder downloaded private code repositories on December 27.
None of the downloaded repositories confined customer data, means to entree customer data, or Slack’s principal codebase,” the platform writes.
Now owned by Microsoft, GitHub is a popular platform for storing software databases. Unfortunately, those code repositories are often the target of attacks, often as a possible stepping stone to get hold of login data for other company systems. In December, for example, authentication provider Okta saw another copy of its code on Github.