Whilst Slack can be a great collaboration tool, especially for remote teams, there are a number of vulnerabilities that IT security teams need to be aware of, as several recent high-profile hacks highlight.
EA Games hack
For example, in 2021 hackers were able to steal large amounts of data (fortunately not customer data) from EA Games by breaking into their systems via Slack. In this case, they were able to do so by initially purchasing stolen cookie data to gain access to EA’s Slack channel.
Once there, the hackers were able to contact IT support members, claiming to have lost their phone, and request a multi-factor authentication (MFA) code to access EA’s corporate network. Through this they could access a service for compiling games. They logged in and created a virtual machine, giving them more visibility into the network and access to the source code of another game.
How to stop a similar attack happening to you
In this whole process, the easiest point to stop the hack was at the final hurdle. The IT support staff who shared the MFA code should have done more to verify the person’s identity before granting them access to the corporate system. But this shows how convincing hackers can be, so it’s crucial for all staff – including the cybersecurity team – to be aware of these hacks.
As for the other parts of the process, it is possible to reduce the risk of your cookies being stolen. For example, generating large, random, collisionless tokens can make them harder to crack. And to prevent token abuse in case your cookies are stolen, you can consider regenerating tokens more frequently, or shortening session times to reduce their validity.
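The token measures described above (large random tokens, regular regeneration, short session lifetimes) can be combined in one server-side session store. The sketch below is an added example, not code from the original article or from Slack; the `SessionStore` class, the in-memory table and the two timing constants are assumptions chosen for illustration.

```python
import secrets
import time

ROTATE_AFTER = 15 * 60      # assumed: issue a fresh token every 15 minutes
MAX_SESSION_AGE = 8 * 3600  # assumed: force re-login after 8 hours

class SessionStore:
    """In-memory session table keyed by the current token (illustrative only)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._sessions = {}  # token -> {"user", "created", "issued"}

    def login(self, user):
        # 32 bytes from the OS CSPRNG: 256 bits, infeasible to guess or collide.
        token = secrets.token_urlsafe(32)
        now = self._clock()
        self._sessions[token] = {"user": user, "created": now, "issued": now}
        return token

    def validate(self, token):
        """Return (user, token_to_set), or (None, None) if the token is rejected."""
        session = self._sessions.get(token)
        if session is None:
            return None, None  # unknown, rotated-out or expired token
        now = self._clock()
        if now - session["created"] > MAX_SESSION_AGE:
            del self._sessions[token]  # absolute lifetime exceeded
            return None, None
        if now - session["issued"] > ROTATE_AFTER:
            # Regenerate: the old value stops working the moment it is replaced.
            del self._sessions[token]
            token = secrets.token_urlsafe(32)
            session["issued"] = now
            self._sessions[token] = session
        return session["user"], token

def demo():
    """Constructed scenario: a cookie value copied at login is presented again later."""
    now = [0.0]
    store = SessionStore(clock=lambda: now[0])
    copied = store.login("alice")            # the value that was later copied
    now[0] += ROTATE_AFTER + 1
    user, current = store.validate(copied)   # legitimate browser triggers rotation
    replay_user, _ = store.validate(copied)  # the copied value is now rejected
    now[0] += MAX_SESSION_AGE
    expired_user, _ = store.validate(current)
    return user, current != copied, replay_user, expired_user
```

Rotation only narrows the window in which a copied cookie is accepted; the absolute lifetime is what guarantees that every token eventually stops working.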
It is also important to educate employees on potential security flaws with Slack and encourage them not to share confidential information via this channel.