Lessons Learned from the Slack & Hipchat Breaches

by Avi Turiel

Security Research & Analysis, Web Security

In late March Slack confirmed they had suffered a security breach where “there was unauthorized access to a Slack database storing user profile information”. Slack is a recently launched team collaboration tool that offers organizations a way to simplify communications, file-sharing, project management and more. Organizations sign up their employees who then collaborate in open, searchable groups. 

During the breach, which continued for about four days, the hackers had access to a central database which includes user names, email addresses, and one-way encrypted (“hashed”) passwords. In addition, this database contains information that users may have optionally added to their profiles, such as a contact number and Skype ID.

In a blog post following the breach, Slack said that the company noticed “suspicious activity” on a small number of accounts: “As part of our investigation we detected suspicious activity affecting a very small number of Slack accounts. We have notified the individual users and team owners who we believe were impacted and are sharing details with their security teams.” This statement seems to imply that the hackers gained access to the actual chat and share areas of some organizations which have signed up to Slack. This would give them access to all shared documents, code and discussions, many of which may contain confidential company information.

The Slack breach comes one month after a similar breach at another productivity startup, HipChat, which also offers intra-business chat and collaboration. They issued a similar announcement, reporting “suspicious activity on the HipChat service that resulted in unauthorized access to names, usernames, email addresses, and encrypted passwords for a very small percentage (<2%) of our users.”

There are two main lessons that organizations must learn from these breaches: 

• Online (cloud) business tools are now targets for cybercriminals: the popularity of these tools has not escaped their attention. They offer a treasure trove of business credentials (emails and passwords as well as Skype usernames), as well as internal business data that can potentially be used for espionage. The advantages that group discussions, searchability and access across multiple platforms bring to businesses also open up potential risks. In addition, employees often treat the collaboration tools as if they were internal systems and may be less cautious with the information that they share.

• User passwords must be managed carefully: the breaches of Slack and HipChat enabled hackers to obtain hashed passwords. While both services assured users that the passwords were safe, the possibility of recovering them (by cracking the hashes) exists. A secondary benefit to the criminals of obtaining these passwords is that, whether the organization uses a single sign-on (SSO) approach or not, the logon ID and password used for the chat platform may well be identical to those used for other internal business systems. Because of this, when using these platforms, administrators should force users to choose passwords that are sufficiently complex and different from those used within the organization.
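The second lesson turns on two things an operator controls: how strict the password policy is, and how the stored password hash is computed. The following is an added example written for this article; it is not Slack's or HipChat's code and the article gives no details of how either service hashed passwords. The policy thresholds (12-character minimum, three character classes, a tiny deny-list) and the PBKDF2 iteration count are assumptions chosen for illustration. It shows a policy check that rejects weak or well-known passwords, storage using a per-user random salt and a slow key-derivation function so that a leaked hash is costly to guess against, and a constant-time verification routine.

```python
import hashlib
import hmac
import os
import re
from typing import List, Optional

# Policy thresholds assumed for this example (the article gives no numbers).
MIN_LENGTH = 12
PBKDF2_ITERATIONS = 200_000  # makes each offline guess against a leaked hash expensive
SALT_BYTES = 16

# Constructed deny-list of values any guessing attempt tries first. A real
# deployment would use a much larger list of known-breached passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}


def check_password_policy(password: str) -> List[str]:
    """Return the policy rules a candidate password violates (empty list = accepted)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^\w\s]"))
    if classes < 3:
        problems.append("uses fewer than three character classes")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears on the common-password deny-list")
    return problems


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Hash with a random per-user salt and PBKDF2-HMAC-SHA256.

    The salt means the same password, on two services or for two users, yields
    different records, so a dump from one site cannot be matched against another
    by hash value alone. The iteration count slows every guess an attacker makes.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Self-describing record: algorithm, cost and salt travel with the hash.
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash from the stored parameters and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False  # malformed record, never accept
    if algorithm != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def register(password: str) -> str:
    """Apply the policy, then return the record to store (salted hash only)."""
    problems = check_password_policy(password)
    if problems:
        raise ValueError("password rejected: " + "; ".join(problems))
    return hash_password(password)


if __name__ == "__main__":
    record = register("Correct-Horse-Battery-9")
    print(record)
    print(verify_password("Correct-Horse-Battery-9", record))  # True
    print(verify_password("password", record))                 # False
    print(check_password_policy("password"))
```

Two design points matter here. The record stores the iteration count next to the hash, so the cost can be raised later without invalidating existing accounts; and `hmac.compare_digest` avoids leaking, through timing, how many leading bytes of a guess matched. The policy check cannot by itself tell whether a user is reusing an internal-system password; enforcing that separation requires checking against the organization's own stored hashes, or using SSO so the collaboration tool never holds a separate password at all.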
