Slack fixes bug that granted hackers access to accounts and messages


A security flaw that recently surfaced within the popular enterprise chat platform Slack has been resolved.

The vulnerability, which was originally spotted and reported by Frans Rosén of the cybersecurity firm Detectify, allowed hackers to steal users’ Slack tokens by tricking them into opening a malicious page. After alerting Slack to the problem, Rosén wrote about the bug in a blog post.

Rosén reportedly suspected the flaw when a glitch in the desktop app allowed him to hang up other people’s calls. In addition, he uncovered a second flaw in the code that allowed him to intercept messages being sent to the main application.

The bug was reportedly resolved five hours later, and the report earned Rosén $3,000 from the company’s bug bounty.

Slack is a Vancouver-originated enterprise communications company that was founded in 2009 by Stewart Butterfield, Eric Costello, Cal Henderson, and Serguei Mourachov.

This article was originally published on MobileSyrup
