Disney suffers massive internal communications data leak after cyberattack
- by nlqip
Speculations on the method
Cybersecurity experts pointed out that in recent incidents, hackers have breached Slack accounts by exploiting stolen or leaked API keys.
“Developers often integrate Slack into their automation tools, and in the process, sometimes accidentally leak these keys on code-sharing sites like GitHub or API platforms like Postman,” said Rahul Sasi, CEO of CloudSEK. “For example, in the Disney leak, hackers gained access to public chat rooms. This occurred because Slack API keys, by default, typically have access to public Slack rooms.”
Others added that while it’s too early to comment definitively on the cause of such a massive breach, common factors like weak passwords, phishing, and social engineering might not have compromised multiple Slack channels.
Source link
lol
Speculations on the method Cybersecurity experts pointed out that in recent incidents, hackers have breached Slack accounts by exploiting stolen or leaked API keys. “Developers often integrate Slack into their automation tools, and in the process, sometimes accidentally leak these keys on code-sharing sites like GitHub or API platforms like Postman,” said Rahul Sasi, CEO…
Recent Posts
- CISA warns of actively exploited Apache HugeGraph-Server bug
- Suspects behind $230 million cryptocurrency theft arrested in Miami
- Ivanti Says ‘Critical’ Cloud Gateway Vulnerability Seeing Exploitation
- Microsoft Edge will flag extensions causing performance issues
- Sophos CEO On How EDR Vendors, Microsoft Are ‘Rethinking’ Security After CrowdStrike Outage