Slack has admitted to accidentally exposing the hashed passwords of workspace users. The company says: “we notified approximately 0.5% of Slack users that we had reset their passwords in response to a bug that occurred when users created or revoked a shared invitation link for their workspace.”
Sharon Nachshony, Security Researcher at Silverfort, explains: “Hashes of salted passwords being leaked is not as dangerous as exposing them in plain-text, as an attacker would have to use brute-force methods — essentially automating a script to guess passwords — which takes some time.” Even so, salting only prevents guessing many users at once; a weak or reused password can still be recovered from its hash by offline guessing in a short time, which is why a reset of the affected accounts was warranted.
Slack adds that the bug was discovered by an independent researcher and affected users who created or revoked invitation links between 17 April 2017 and 17 July 2022.
Ofer Maor, CTO and co-founder of Mitiga, also commented on the issue.
For organizations affected by this or a similar incident, Maor recommends the following five measures going forward:
Private/Public Groups Culture
Define a clear policy on which groups can be public and which must be private, enforce it, and educate users about it. It is not an easy shift, but it is an essential one once Slack becomes critical infrastructure and a repository of company data.
Limited 3rd Party App Permissions
Restricting third-party apps to the bare minimum permissions is a necessary step in limiting the impact of a third-party breach. Sometimes it is better to simply give up an app that is not necessary. At other times you can restrict the app to the minimum privileges its functionality actually needs. Many app vendors ask for far more permissions than they have any real need for.
Backups for Slack
Backing up your Slack is essential if Slack serves as a knowledge management repository and a critical asset in the organization. Backups can be automated around Slack’s export capabilities or handled by third-party vendors that offer this service.
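The automation Maor describes can be built directly on the Slack Web API: page through conversations.list and conversations.history with the cursor in response_metadata.next_cursor, honour HTTP 429 rate-limit responses by sleeping for the Retry-After header, and write one JSON line per message. The script below is an added example, not code from the article, from Mitiga or from Slack. It assumes a token with channels:read, channels:history, groups:read and groups:history scopes; the FakeSlack transport, its two channels and its single injected 429 are constructed so the paging and retry logic can be exercised offline.

```python
"""Archive Slack channel history by paging the Web API (added example).

The `call(method, params)` transport is injected so the same paging logic can
run against the real API (http_transport) or the constructed FakeSlack below.
"""
import io
import json
import time
import urllib.error
import urllib.parse
import urllib.request

API = "https://slack.com/api/"


def http_transport(token):
    """Real transport: POST form-encoded params with a bearer token.
    Returns (http_status, headers, parsed_json)."""
    def call(method, params):
        data = urllib.parse.urlencode(params).encode()
        req = urllib.request.Request(API + method, data=data,
                                     headers={"Authorization": f"Bearer {token}"})
        try:
            with urllib.request.urlopen(req) as resp:
                return resp.status, dict(resp.headers), json.load(resp)
        except urllib.error.HTTPError as err:  # 429 arrives here
            return err.code, dict(err.headers), {}
    return call


def paginate(call, method, params, key, sleep=time.sleep):
    """Yield every item of a cursor-paginated method, retrying on 429."""
    cursor = None
    while True:
        page_params = dict(params)
        if cursor:
            page_params["cursor"] = cursor
        status, headers, body = call(method, page_params)
        if status == 429:
            wait = {k.lower(): v for k, v in headers.items()}.get("retry-after", "1")
            sleep(int(wait))
            continue  # retry the same page
        if status != 200 or not body.get("ok"):
            raise RuntimeError(f"{method} failed: {status} {body.get('error')}")
        yield from body.get(key, [])
        cursor = body.get("response_metadata", {}).get("next_cursor") or None
        if not cursor:
            return


def archive(call, out, sleep=time.sleep):
    """Write every message of every channel as one JSON line to `out`.
    Returns a dict of channel name -> number of messages written."""
    counts = {}
    channels = paginate(call, "conversations.list",
                        {"types": "public_channel,private_channel", "limit": 200},
                        "channels", sleep)
    for ch in channels:
        n = 0
        for msg in paginate(call, "conversations.history",
                            {"channel": ch["id"], "limit": 200}, "messages", sleep):
            out.write(json.dumps({"channel": ch["name"], **msg}) + "\n")
            n += 1
        counts[ch["name"]] = n
    return counts


class FakeSlack:
    """Constructed stand-in for the API: two channels, two messages per page,
    and one 429 on the first history request to exercise the retry path."""
    def __init__(self):
        self.throttled = False
        self.history = {
            "C1": [{"ts": f"1.{i}", "text": f"general {i}"} for i in range(5)],
            "C2": [{"ts": f"2.{i}", "text": f"secops {i}"} for i in range(3)],
        }

    def __call__(self, method, params):
        if method == "conversations.list":
            return 200, {}, {"ok": True, "response_metadata": {"next_cursor": ""},
                             "channels": [{"id": "C1", "name": "general"},
                                          {"id": "C2", "name": "secops"}]}
        if method == "conversations.history":
            if not self.throttled:          # first call: simulate rate limiting
                self.throttled = True
                return 429, {"Retry-After": "1"}, {}
            msgs = self.history[params["channel"]]
            start = int(params.get("cursor", "0"))  # fake cursor = offset
            nxt = str(start + 2) if start + 2 < len(msgs) else ""
            return 200, {}, {"ok": True, "messages": msgs[start:start + 2],
                             "response_metadata": {"next_cursor": nxt}}
        return 404, {}, {}


def demo():
    """Run the archiver offline; returns (counts, number_of_lines_written)."""
    buf = io.StringIO()
    counts = archive(FakeSlack(), buf, sleep=lambda _s: None)
    return counts, len(buf.getvalue().splitlines())


if __name__ == "__main__":
    print(demo())
```

Against the real API, replace FakeSlack with http_transport(os.environ["SLACK_TOKEN"]) and an open file. Two caveats: conversations.history does not return thread replies (those need conversations.replies per parent message), and file contents are not included, so a complete backup needs both added on top of this loop.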
Enable Advanced Security Features
Requiring multi-factor authentication (MFA), either directly or via SSO, is the bare minimum; the Enterprise license for Slack adds further security features, including additional encryption, compliance and security management controls.
Collect and Prepare Slack Logs (Forensics)
Collecting, analyzing, enriching, and preparing Slack logs ahead of time makes it possible to respond to an incident or breach promptly, so that it can be contained and eradicated with minimal impact. Forensic analysis is the foundation of any major breach response: through it, incident responders can understand and block the entry path, assess the damage done, and respond effectively.
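What “preparing” Slack logs looks like in practice is parsing the Audit Logs export, enriching each entry (actor ID to e-mail, IP to corporate-or-not) and running a few detections over it, so that during an incident the questions from the paragraph above can be answered from a ready table rather than raw JSON. The script below is an added example, not code from the article, from Mitiga or from Slack. The entry shape (action, actor.user.id, context.ip_address, entity.app.name, details.scopes) follows the Slack Audit Logs API as the author understands it and is an assumption; the six log entries, the corporate ranges, the user directory and the set of sensitive scopes are all constructed for the demo. The scope check also serves the third-party-app point made earlier on this page.

```python
"""Triage constructed Slack Audit Log entries for incident response (added example)."""
import ipaddress
import json
from datetime import datetime, timezone

# Constructed enrichment data: replace with your own ranges and directory.
CORP_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.0.2.0/24")]
DIRECTORY = {"U1": "alice@example.com", "U2": "bob@example.com"}
# Assumed list of scopes that let an app read message content or PII.
SENSITIVE_SCOPES = {"admin", "channels:history", "groups:history",
                    "files:read", "users:read.email"}


def entry(ts, action, user, ip=None, entity=None, details=None):
    """Build one entry in (assumed) Audit Logs API shape for the sample."""
    return {"date_create": ts, "action": action,
            "actor": {"type": "user", "user": {"id": user}},
            "entity": entity or {"type": "user", "user": {"id": user}},
            "context": {"ip_address": ip, "ua": "Mozilla/5.0"},
            "details": details or {}}


# Constructed sample, stored as NDJSON the way an export job would write it.
SAMPLE_AUDIT_LOG = "\n".join(json.dumps(e) for e in [
    entry(100, "user_login", "U1", ip="10.1.2.3"),
    entry(200, "user_login", "U1", ip="10.1.2.3"),
    entry(300, "user_login", "U2", ip="203.0.113.9"),
    entry(400, "app_installed", "U2", ip="203.0.113.9",
          entity={"type": "app", "app": {"name": "Exporter"}},
          details={"scopes": ["chat:write", "channels:history", "files:read"]}),
    entry(500, "private_channel_converted_to_public", "U1", ip="10.1.2.3",
          entity={"type": "channel", "channel": {"name": "m-and-a"}}),
    entry(600, "user_login", "U2", ip="203.0.113.9"),
])


def load_entries(text):
    """Parse NDJSON and return entries in chronological order."""
    entries = [json.loads(line) for line in text.splitlines() if line.strip()]
    return sorted(entries, key=lambda e: e["date_create"])


def is_corporate(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except (ValueError, TypeError):
        return False
    return any(addr in net for net in CORP_NETS)


def triage(entries):
    """Return a list of findings: first external login per user, apps granted
    sensitive scopes, and private channels made public."""
    findings = []
    seen_ips = {}  # user id -> IPs already observed earlier in this log
    for e in entries:
        user = e["actor"]["user"]["id"]
        actor = DIRECTORY.get(user, user)  # enrich ID -> e-mail
        ip = e["context"].get("ip_address")
        when = datetime.fromtimestamp(e["date_create"], tz=timezone.utc).isoformat()
        action = e["action"]
        finding = None
        if action == "user_login":
            known = seen_ips.setdefault(user, set())
            if ip not in known and not is_corporate(ip):
                finding = ("high", f"first login from non-corporate IP {ip}")
            known.add(ip)
        elif action in ("app_installed", "app_scopes_expanded"):
            risky = sorted(set(e["details"].get("scopes", [])) & SENSITIVE_SCOPES)
            if risky:
                app = e["entity"].get("app", {}).get("name", "?")
                finding = ("high", f"{action}: {app} granted {', '.join(risky)}")
        elif action == "private_channel_converted_to_public":
            name = e["entity"].get("channel", {}).get("name", "?")
            finding = ("medium", f"private channel {name} made public")
        if finding:
            findings.append({"when": when, "actor": actor, "ip": ip,
                             "severity": finding[0], "reason": finding[1]})
    return findings


if __name__ == "__main__":
    for f in triage(load_entries(SAMPLE_AUDIT_LOG)):
        print(f"{f['when']} {f['severity']:6} {f['actor']:18} {f['reason']}")
```

The "first external login" rule deliberately keys on IPs seen earlier in the same log, so the baseline is only as good as the retention window you collect; that is the practical reason to start gathering these logs before an incident rather than after.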