Historically, Slack account credentials have received minimal interest from hackers, but security researchers like Raveed Laeb, suspect that hacks like the Twitter hack and EA hack are likely tipping threat actors off on the value of Slack as a breach vector. On the dark web, Slack credentials sell from anywhere between $0.50 and up to $300. This clip illustrates the threat landscape for SaaS applications and how data leakage occurs within these systems In the video clip below, we discuss how collaborative SaaS applications have led to an exponential increase in the amount of sensitive data companies store and share, and how threat actors have caught on to this: Sensitive information, like customer names, addresses, and credit card numbers might be in Slack in plain text depending on the types of employees that are using Slack (like customer service reps). Slack may also provide secrets or credentials that lead to other systems if employees have engaged in unsafe sharing of account credentials. ![]() Through Slack, an attacker can learn of an organization’s structure as well as the SaaS applications that the company uses/has connected to Slack. Slack may be useful for hackers that are conducting: What makes Slack a valuable target?Īs the central communications hub for many organizations, Slack can be a valuable resource for some threat actors, depending on their objectives. Addressing this risk requires adoption of continuous data security and compliance. These breaches are part of a growing trend of misconfigurations exposing data in SaaS systems.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |