According to a recent report from the security company Detectify, Slack bot developers who kept tokens in their code left them exposed, so conversations, sensitive data and other information may have been accessible to people outside the organizations themselves.
Detectify has reported this situation to Slack, which has already taken action, revoking the leaked tokens and warning developers to be more careful, urging them to treat tokens with the same level of importance as passwords. In addition, Slack has also sent notifications to users and teams that may have been affected by this situation. Because of their format, these tokens can be easily found on platforms where code is published openly, such as GitHub.
In this regard, researchers from the security company have detected more than 1,500 tokens belonging to companies and institutions of different sizes, although neither the security company nor Slack has wanted to name them publicly.
Slack will emphasize this point both in its documentation and in its communications to developers.
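Because the tokens have a recognisable format, a team can check its own source for them before anything is pushed to a public repository. The following is an added example, not code from Detectify or Slack: a minimal scanner run over two constructed files, one with a hard-coded token and one that reads it from the environment. The regular expression is an assumed heuristic based on the `xox` prefixes Slack tokens carry, and the file names, the `SLACK_BOT_TOKEN` variable and the token value are constructed for illustration.

```python
import re

# Assumption: Slack tokens start with "xox" plus a type letter (for example
# xoxb- for bots, xoxp- for users). This is a common heuristic, not Slack's spec.
SLACK_TOKEN_RE = re.compile(r"\bxox[abprs]-[0-9A-Za-z-]{10,}")


def redact(token):
    """Keep only the type prefix so the report itself does not leak the token."""
    return token[:5] + "*" * 8


def scan_text(name, text):
    """Return (file, line number, redacted token) for every hard-coded token."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in SLACK_TOKEN_RE.finditer(line):
            findings.append((name, lineno, redact(match.group())))
    return findings


def scan_all(files):
    """Scan a mapping of file name -> file contents."""
    findings = []
    for name, text in files.items():
        findings.extend(scan_text(name, text))
    return findings


# Constructed sample files; the token value is a fake placeholder.
SAMPLE_FILES = {
    # Token embedded in source: exposed as soon as the repository is public.
    "bot_hardcoded.py": (
        "from slack_sdk import WebClient\n"
        'client = WebClient(token="xoxb-000000000000-FAKEFAKEFAKEFAKE")\n'
    ),
    # Token read from the environment: nothing secret is committed.
    "bot_env.py": (
        "import os\n"
        "from slack_sdk import WebClient\n"
        'client = WebClient(token=os.environ["SLACK_BOT_TOKEN"])\n'
    ),
}

if __name__ == "__main__":
    for name, lineno, token in scan_all(SAMPLE_FILES):
        print(f"{name}:{lineno}: hard-coded Slack token {token}")
```

A token found this way should be revoked and reissued, not just deleted from the file, since it remains in the repository history.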