Developers leak Slack access tokens on GitHub, putting sensitive business data at risk

Developers from hundreds of companies have included access tokens for their Slack accounts in public projects on GitHub, putting their teams’ internal chats and other data at risk.

Slack has become one of the most popular collaboration and internal communication tools used by companies because of its versatility. The platform’s API allows users to develop bots that can receive commands or post content from external services directly in Slack channels, making it easy to automate various tasks.

Many developers post the code for their Slack bots — some of which are small personal projects — on GitHub, but fail to remove the bots’ access tokens. Some developers even include private tokens associated with their own accounts in the code.

To read this article in full or to leave a comment, please click here