The corporate communication and collaboration platform Slack reported a cyber incident that occurred during the holidays and affected some of its repositories on GitHub, about which the company notified customers.

The messaging app from Salesforce is quite popular and is used by approximately 18 million users in workplaces and digital communities around the world.

According to the results of the preliminary investigation, unauthorized access was not the result of a vulnerability. Hackers apparently gained access to the company's external GitHub repository using stolen employee tokens.

Slack believes that the attackers uploaded private code repositories on December 27, two days later suspicious activity was noticed, after which appropriate notifications were sent to customers on December 31.

The compromised repositories did not contain customer data or information that could be used to access them. According to the company, they also did not contain the main Slack codebase.

As a result, the company considers only a limited number of employees affected, and the incident itself did not affect the code or services. There is currently no indication that sensitive areas of the Slack environment, including the work environment, have been accessed.

At the same time, the resellers make assumptions about the possible relationship of the incident with the recent hacking of Okta and the stolen OAuth tokens. One way or another, we will see.